cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Re: [PATCH 0/6] Fix SPNEGO to work comprehensively throughout curl

From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Thu, 17 Jul 2014 19:51:29 +0200

> Von: "David Woodhouse" <dwmw2_at_infradead.org>
> On Thu, 2014-07-17 at 15:47 +0200, Michael Osipov wrote:
> >
> > Servers:
> > - Apache 2.2.27 on FreeBSD with mod_spnego (MIT Kerberos 1.12.1)
>
> Was that the one offering the duplicate 'WWW-Authenticate: Negotiate'
> headers? I think you fixed it to stop doing that... but could you break
> it again, and test?

I have found and fixed that bug already in that mod. Tests have been made with
the fix: https://github.com/lha/mod_spnego/pull/11

But yes, I can break again and test. As far as I remember, it worked anyway.
 
> I think I broke Kamil's recent fix¹ for that degenerate case, but we
> could probably cope again if we just do the following:
>
> --- a/lib/http.c
> +++ b/lib/http.c
> @@ -790,8 +790,6 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
> /* we received GSS auth info and we dealt with it fine */
> negdata->state = GSS_AUTHRECV;
> }
> - else
> - data->state.authproblem = TRUE;
> }
> }
> }
>
>
> I'd test this myself but... I can't actually remember which server I
> discovered this with, and stupidly didn't put that information into the
> bug I filed.

I do not know whether this will fix but I can change my Tomcat Authenticator
to resemble that faulty server.

Michael

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-18