cURL / Mailing Lists / curl-library / Single Mail


Re: SECURITY VULNERABILITY: inappropriate GSSAPI delegation

From: Dan Fandrich <>
Date: Thu, 7 Jul 2011 12:42:26 -0700

On Thu, Jul 07, 2011 at 03:14:15PM -0400, Rob Crittenden wrote:
> This completely disables delegation in libcurl. Are there plans to
> add an option for this or would you accept a patch to add this? The
> freeipa project needs to be able to do delegation in libcurl.

That was a limitation we accepted in the interests of releasing a timely
fix and avoiding prematurely publicising the issue. Since none of the
core curl developers uses Kerberos, it would have been a bit risky to
develop a proper API without public feedback. I believe that patches
to add such an API would be welcome.

>>> Dan
List admin:
Received on 2011-07-07