cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Fri, 27 Jun 2014 22:27:57 +0200

Am 2014-06-27 11:11, schrieb Leonardo Rosati:
> hi,
>
> looking at the source code of http_negotiate-sspi.c the code doesn't use
> the user/password in case they are passed by the user, in practice assuming
> the proxy to authenticate the connection based on if the machine is in the
> domain or not.
> instead the code for ntlm is different: it passes user/password in case
> they are not empty and so user/password are used for authentication
> purposes.
>
> I think the correct behavior is the one for ntlm and therefore the
> negotiate method should be changed.

I don't think so. The intention in both is to have credentials already
present at/after login time. At least for NTLM on Windows and SPNEGO on
all platforms.

Michael

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-06-27

This message: [ Message body ]
Next message: Robotic-Brain: "Mac symbol not found: _ber_free"
Previous message: Sachin Nikumbh: "SO_REUSEADDR and libcurl"
In reply to: Leonardo Rosati: "http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]