cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Daniel Stenberg <>
Date: Thu, 26 Feb 2009 13:14:40 +0100 (CET)

On Wed, 25 Feb 2009, Brian J. Murrell wrote:

> Maybe this helps. I have applied a *hack* that solves the problem and
> that's to insert a:
> Curl_input_negotiate(conn, TRUE, "Negotiate");
> before the:
> result = output_auth_headers(conn, authproxy, request, path, TRUE);
> in http_output_auth().

It is a hack and while it may very well work for you it isn't something we can
proceed with.

First, you enable that for proxy only. Then, libcurl can very well have more
than one auth method requested and then it MUST do an un-authed request first
and act on the response and your hack does not take that into account.

> Basically, if --proxy-negotiate was requested, that Curl_input_negotiate ()
> needs to be called prior to that first call to output_auth_headers() in
> http_output_auth(). I don't know how far up in the call stack it makes
> sense to do that.

I think you can probably do like this:

In the output_auth_headers() function, if (authstatus->picked ==
CURLAUTH_GSSNEGOTIATE) means that the auth method were either explicitly
selected like you do, or it was figured out using an un-authorized request

Thus, if it was indeed "picked" you check if 'negdata->context' is NULL and
if it is you init it at that point and then move on. Something similar to
this perhaps:

   if(authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
      !GSS_ERROR(negdata->status)) {
     int ret=0;


       /* if explicitly selected it isn't inited at this point */
       ret = Curl_input_negotiate(conn, proxy, auth);

       result = Curl_output_negotiate(conn, proxy);
       return result;
     authstatus->done = TRUE;
     negdata->state = GSS_AUTHSENT;

List admin:
Received on 2009-02-26