On Thu, 30 Jan 2014, Daniel Stenberg wrote:

> > ntlm: Use static client nonce for the test suite
>
> I would like this kind of debug functionality to still be conditional on
an
> environment variable or similar, like the fake host name thing for
example,
> so that a debug built curl can still work properly.

That seems sensible - but I am just trying to get the failing tests working
again at the moment ;-)

> I wrote a little little patch that changed
Curl_ntlm_create_type3_message()
> to do this (see attachment), but then it struck me:
>
> Shouldn't we rather have the Curl_ssl_random() have this debug
functionality?

Quite possibly... however I also think that:

a) The random text generation in Curl_sasl_create_digest_md5_message() in
curl_sasl.c perhaps should do something similar but that doesn't use
Curl_ssl_random() as it generates a textual nonce.
b) The timestamp in Curl_ntlm_core_mk_ntlmv2_resp() perhaps should also be
controlled by something similar as I have hardcoded 01/01/1970 at the
moment.

Kind Regards

Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-30