cURL / Mailing Lists / curl-library / Single Mail

curl-library

http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Leonardo Rosati <geppio1975_at_gmail.com>
Date: Fri, 27 Jun 2014 11:11:46 +0200

hi,

looking at the source code of http_negotiate-sspi.c the code doesn't use
the user/password in case they are passed by the user, in practice assuming
the proxy to authenticate the connection based on if the machine is in the
domain or not.
instead the code for ntlm is different: it passes user/password in case
they are not empty and so user/password are used for authentication
purposes.

I think the correct behavior is the one for ntlm and therefore the
negotiate method should be changed.

I've done the changes in my code and I wanted to submit them for a possible
change, but I wanted to understand if there is a reason why "negotiate" and
"ntlm" should have a different behavior.

Thanks.
Leonardo

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-06-27

This message: [ Message body ]
Next message: Sachin Nikumbh: "SO_REUSEADDR and libcurl"
Previous message: Richard W.M. Jones: "Re: Read and write on the same cURL handle"
Next in thread: Michael Osipov: "Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password"
Reply: Michael Osipov: "Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]