cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Brian J. Murrell <>
Date: Sun, 1 Mar 2009 14:27:12 +0000 (UTC)

On Sun, 01 Mar 2009 12:50:19 +0100, Daniel Stenberg wrote:
> Because I had to pick one!

LOL. OK. Fair enough.

> Right, so now we know why the code needs a round-trip to know exactly
> how to behave.

I would suggest that if a user could not provide enough information, then
a round trip is acceptable, but I think the user should be able to
provide enough information to avoid that. Having to make two round trips
for every single request is just sub-optimal. It increases latency and
litters the proxy logs with "false denials".

> Possibly it could try both HTTP@ and KHTTP@ so it would
> work for both cases. But the code is also sprinkled with logic dependent

Yeah, not sure how SPNEGO fits into [GSS-]Negotiate either, TBH.
> Ideally we'd have someone with access/use for all three kinds as then
> there would be the least risk for breakage.


> But I doubt there's anyone
> like that here right now...


I wonder if we can find 3 people, each with the ability to test one of
the three. I'm happy to be the "Negotiate" guinea-pig.

> They are covered with a single bit just because we've gotten away with
> that so far, and we've seen no reason to introduce two separate ones.

But perhaps we are finding the need now for another bit? Or do you still
think we can, somehow achieve the goal of providing curl with enough
information to retrieve a URL with only a single trip to the proxy
without adding a new bit?


List admin:
Received on 2009-03-01