cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH ] Add new options negotiate-gssapi=service and proxy-negotiate-gssapi-service

From: Markus Moeller <>
Date: Mon, 23 Sep 2013 19:45:08 +0100


  here is my updated patch for 7.32.0 which keeps the KHTTP if no option is given.

  I do not think I require any addition to reuse_conn as all conn->data information is copied from the old connection.


From: Arunav Sanyal
Sent: Thursday, September 19, 2013 10:22 AM
Newsgroups: gmane.comp.web.curl.library
To: libcurl development
Subject: Re: [PATCH ] Add new options negotiate-gssapi=service and proxy-negotiate-gssapi-service

Hi Markus

>The spnego code can be removed as the newer (I think now more than 5 years) Kerberos libraries support spnego natively . I added that with fbopenssl as a library ( I assume you mean the code with HAVE_SPNEGO )

No the SPNEGO code cannot be removed. SPNEGO is a different rfc from gssapi. I use the MIT kerberos library 1.11 which is pretty recent as it is. fbopenssl's job is to convert tokens from one rfc to another. I know this because I use both the libraries every single day in my organization.

>I doní t understand this. I only set the default values in url.c donít I

No you do not. reuse_conn is a very important function. its a static declaration. Take this piece of code for instance.

conn->bits.user_passwd = old_conn->bits.user_passwd;
  if(conn->bits.user_passwd) {
    /* use the new user name and password though */
    conn->user = old_conn->user;
    conn->passwd = old_conn->passwd;
    old_conn->user = NULL;
    old_conn->passwd = NULL;

here the username and password fields are copied. You need to explicitly copy your new service principal string. Otherwise there will be cases in which your code will break terribly.

If you want, I can add a patch from your variables on top of that.

Arunav Sanyal
Graduate student
B.E (Hons) Computer Science 
BITS Pilani K.K Birla Goa Campus
Software Engineer 
List admin:

List admin:

Received on 2013-09-23