curl-library
Re: [PATCH 0/6] Fix SPNEGO to work comprehensively throughout curl
Date: Thu, 17 Jul 2014 20:46:12 +0200
Am 2014-07-17 17:20, schrieb David Woodhouse:
> On Thu, 2014-07-17 at 15:47 +0200, Michael Osipov wrote:
>>
>> Servers:
>> - Apache 2.2.27 on FreeBSD with mod_spnego (MIT Kerberos 1.12.1)
>
> Was that the one offering the duplicate 'WWW-Authenticate: Negotiate'
> headers? I think you fixed it to stop doing that... but could you break
> it again, and test?
I have found and fixed that bug already in that mod already. Tests have
been made with
the fix: https://github.com/lha/mod_spnego/pull/11
But yes, I can break again and test. As far as I remember, it worked anyway.
> I think I broke Kamil's recent fix¹ for that degenerate case, but we
> could probably cope again if we just do the following:
>
> --- a/lib/http.c
> +++ b/lib/http.c
> @@ -790,8 +790,6 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
> /* we received GSS auth info and we dealt with it fine */
> negdata->state = GSS_AUTHRECV;
> }
> - else
> - data->state.authproblem = TRUE;
> }
> }
> }
>
>
> I'd test this myself but... I can't actually remember which server I
> discovered this with, and stupidly didn't put that information into the
> bug I filed.
I do not know whether this will fix but I can change my Tomcat Authenticator
to resemble that faulty server.
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-18