curl-library
http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password
Date: Fri, 27 Jun 2014 11:11:46 +0200
hi,
looking at the source code of http_negotiate-sspi.c the code doesn't use
the user/password in case they are passed by the user, in practice assuming
the proxy to authenticate the connection based on if the machine is in the
domain or not.
instead the code for ntlm is different: it passes user/password in case
they are not empty and so user/password are used for authentication
purposes.
I think the correct behavior is the one for ntlm and therefore the
negotiate method should be changed.
I've done the changes in my code and I wanted to submit them for a possible
change, but I wanted to understand if there is a reason why "negotiate" and
"ntlm" should have a different behavior.
Thanks.
Leonardo
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-06-27