cURL / Mailing Lists / curl-library / Single Mail


Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Michael Osipov <>
Date: Fri, 27 Jun 2014 22:27:57 +0200

Am 2014-06-27 11:11, schrieb Leonardo Rosati:
> hi,
> looking at the source code of http_negotiate-sspi.c the code doesn't use
> the user/password in case they are passed by the user, in practice assuming
> the proxy to authenticate the connection based on if the machine is in the
> domain or not.
> instead the code for ntlm is different: it passes user/password in case
> they are not empty and so user/password are used for authentication
> purposes.
> I think the correct behavior is the one for ntlm and therefore the
> negotiate method should be changed.

I don't think so. The intention in both is to have credentials already
present at/after login time. At least for NTLM on Windows and SPNEGO on
all platforms.


List admin:
Received on 2014-06-27