cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Brian J. Murrell <>
Date: Wed, 25 Feb 2009 14:33:41 +0000 (UTC)

On Tue, 24 Feb 2009 23:57:52 +0100, Daniel Stenberg wrote:
> No, me neither (having just seen your protocol dump). Except the
> difference between Negotiate and GSS-Negotiate,

I guess I don't understand the difference between Negotiate and GSS-
Negotiate so I can't quite distinguish the difference there.

> but I don't think that's
> a reason enough.

OK. If you say so. ;-)
> Still, the code is clearly written to work this way and it certainly
> seems like a flaw to me - but without a test system for this I'm not
> right man to improve that code.

Maybe this helps. I have applied a *hack* that solves the problem and
that's to insert a:

  Curl_input_negotiate(conn, TRUE, "Negotiate");

before the:

    result = output_auth_headers(conn, authproxy, request, path, TRUE);

in http_output_auth().

Here's a diff of it:

--- ../../../lib/http.c 2009-02-23 17:54:17.000000000 -0500
+++ ../lib/http.c 2009-02-25 09:25:35.000000000 -0500
@@ -647,6 +661,9 @@
   /* Send proxy authentication header if needed */
   if(conn->bits.httpproxy &&
       (conn->bits.tunnel_proxy == proxytunnel)) {
+ Curl_input_negotiate(conn, TRUE, "Negotiate");
     result = output_auth_headers(conn, authproxy, request, path, TRUE);
       return result;

But I'm not (yet) quite sure how that should be done properly.
Basically, if --proxy-negotiate was requested, that Curl_input_negotiate
() needs to be called prior to that first call to output_auth_headers()
in http_output_auth(). I don't know how far up in the call stack it
makes sense to do that.



List admin:
Received on 2009-02-25