cURL / Mailing Lists / curl-library / Single Mail


Re: problems using negotiate with sspi in 7.21.6 - 0001-fix-negotiate-sspi-problem-with-sequential-requests.patch (0/1)

From: Marcel Roelofs <>
Date: Mon, 16 May 2011 11:55:17 +0200

On Fri, 13 May 2011 00:05:40 +0200 (CEST), Daniel Stenberg
<> wrote:

>On Thu, 12 May 2011, Ibraheem wrote:
> ...
>> 1) In my test environment, it was crashing in http_negotiate_sspi.c due to
>> the  fact that after the first Curl_output_negotiate , a call to cleanup
>> clears the  neg_ctx->output_token but not the length of it, which causes
>> problems in the  next Curl_input_negotiate. So clearing the length of the
>> token in cleanup  solves it.
>Can you provide a patch so that we don't misunderstand?

Attached you find a patch that fixes the problem (and changes the
order of some initialization statements to make them appear somewhat
more logical, now I had to read them back myself). Unfortunately, in
my original implementation, I didn't test two subsequent calls in the
same session.

>> 2) In every client-server request, it re-authenticates, is it by design?

Interesting to see how different browsers deal with this:
- Chrome and Firefox behave like curl: every subsequent request starts
afresh, ie. not using any knowledge that a subsequent request may also
need negotiate authentication
- IE already adds a Negotiate header if it knows that a particular
path uses Negotiate authentication. This saves one round trip per

NTLM remembers that a connection is already authenticated, and
apparently doesn't need any additional authentication for subsequent
requests on the same connection.


List admin:
Received on 2011-05-16