cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Brian J. Murrell <>
Date: Sun, 1 Mar 2009 03:38:23 +0000 (UTC)

On Thu, 26 Feb 2009 13:14:40 +0100, Daniel Stenberg wrote:
> It is a hack and while it may very well work for you it isn't something
> we can proceed with.

Absolutely agreed. That's why I called it a hack, as it was meant purely
to demonstrate how a more proper fix could be instrumented.
> Thus, if it was indeed "picked" you check if 'negdata->context' is NULL
> and if it is you init it at that point and then move on.

Yeah, that sounds right.

> Something
> similar to this perhaps:
> if(authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
> !GSS_ERROR(negdata->status)) {
> int ret=0;
> auth="GSS-Negotiate";

Any reason you init this with GSS-Negotiate and not just Negotiate? The
difference observed here that with GSS-Negotiate the service name is
KHTTP_at_server and with Negotiate, it's HTTP_at_server. The latter is correct
for my usage.

But otherwise, yes this solution corrects the problem, indeed.

I've actually not yet understood the subtle difference between Negotiate
and GSS-Negotiate TBH. There does seem to be one, yet there is only a
single CURLAUTH_* definition (and a single command line option to request
it) covering both of them, even though there does seem to be a subtle
difference between how the two operate.


List admin:
Received on 2009-03-01