cURL / Mailing Lists / curl-library / Single Mail


RE: PATCH: Curl Sanity patch for spnego authentication

From: Daniel Stenberg <>
Date: Mon, 30 Sep 2013 08:30:18 +0200 (CEST)

On Wed, 25 Sep 2013, Arunav Sanyal wrote:

> I use MIT Kebreros 1.11. And I can assure you the library does not handle
> SPNEGO token conversion explicitly. Even when I specify different OID.
> If you have your own server implementation which directly handles gssapi
> tokens, fbopenssl is no longer required. My use case is curl trying to
> authenticate with Tomcat 7.40.0 which expects SPNEGO token.

Hello Arunav, Kevin, Markus and the rest!

As I'm a GSS rookie and a SPNEGO cluebie, you need to help me out a little bit
more here!

This discussion is certainly useful and something that benefits us all, but I
have a very hard time to figure out which conclusions to draw and how to
proceed here. Can I get your help please?

Can we start with Arunav's specific patch[1] for SPNEGO that I questioned[2],
he said he agreed to my doubts[3] and yet he seems to say the fixes are fine.
I can't make sense of that and I don't fully grasp how SPNEGO works in
combination with the GSS stuff. Can't you have both enabled in a single
libcurl build?

I would really like an opinion and help on this from someone else who knows
more about this area than I do! Is the patch fine to merge? If not, what's the
problem? If it is, won't a combined SPNEGO + GSS build crash and burn?

[1] =
[2] =
[3] =

List admin:
Received on 2013-09-30