cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Brian J. Murrell <>
Date: Tue, 24 Feb 2009 15:47:50 +0000 (UTC)

On Tue, 24 Feb 2009 09:08:23 +0100, Daniel Stenberg wrote:
> If I'm not mistaking, the Negotiate protocol works that way

I could even more likely be mistaken, but I don't think a Negotiate
authenticated request needs to be preceded by a non-Negotiate
authenticated request.

> so libcurl
> needs to get the Proxy-Authorize: oresponse back from the proxy with
> data in it in order to proceed from there.

I don't see anything in the response from the failed first request that
the Negotiate request would need/use. Here's the initial non-Negotiate

> GET HTTP/1.1
> User-Agent: curl/7.19.3 (i486-pc-linux-gnu) libcurl/7.19.3 OpenSSL/0.9.8g zlib/ libidn/1.8
> Host:
> Accept: */*
> Proxy-Connection: Keep-Alive
* HTTP 1.0, assume close after body
< HTTP/1.0 407 Proxy Authentication Required
< Server: squid/3.0.STABLE10
< Mime-Version: 1.0
< Date: Tue, 24 Feb 2009 04:11:51 GMT
< Content-Type: text/html
< Content-Length: 1624
< Expires: Tue, 24 Feb 2009 04:11:51 GMT
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
< X-Cache: MISS from linux
< X-Cache-Lookup: NONE from linux:3128
< Via: 1.0 linux (squid/3.0.STABLE10)
< Proxy-Connection: close

Also, I'm fairly sure that Firefox, which also does Negotiate, doesn't
send a non-Negotiate request prior to using Negotiate.

ISTM that curl should be able to just jump to using Negotiate for the
first request and it should work.

I could probably add some more debug to figure out why this two phase
requesting is happening, but likely you have much more familiarity and
could eliminate that first request a lot quicker than I can. :-)


List admin:
Received on 2009-02-24