cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: RE: [PATCH v2] Update docs for recent SPNEGO and GSS-API changes

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Mon, 11 Aug 2014 20:41:58 +0100

On Mon, 11 Aug 2014, Michael Osipov wrote:

> > The table itself is a list of libraries we use, so having one row for
> > both heimdal and MIT didn't work for me, but I also appreciate
> > there is some duplication with what I have written :(
> >
> > Any suggestions, either textual or via a patch are much welcome ;-)
>
> Do you insist on having both seperately? It seems to be awkward
> reading the same text twice?

Not at all... This is the first time I've edited that table ;-P

> Why don't you take my initial proposal and say instead of GSS-API
> in the first column "GSS-API (Heimdal, MIT Kerberos)"? Is that better?

It really depends on the route that Daniel wants to take with it. For example I see the Kerberos4 line contains a link to both MIT Kerberos and the kth-krb4 package, howerver, OpenSSL, NSS and yassl are all listed as SSL libraries each with their own entry - some would argue that the entries for NSS and yassl are also identical.

The headers in the table say "Library" and "Used for", what I've done fits that model - I appreciate the krb4 entry doesn't do this so there is some inconsistency there but if I implemented exactly what you wrote then that would be a second inconsistency as GSS-API, as you know, is a technology rather than a single library.

As such, I think the table needs updating:

* OpenSSL can be used for SSL and TLS.
* I'm not sure listing http next to SSL or TLS is the correct thing to do as it is used for all the SSL based protocols as well as those protocols that support explicit upgrades.
* I don't think krb4 should be listed anymore - but I could be wrong here as we may want to leave it there for compiling older versions... but then that should be noted in the description.
*Although not a library that a developer compiles but you could argue that Windows SSPI should be listed for WinSSL (SChannel), Negotiate (SPNEGO) Authentication, NTLM Authentication, Socks5 (Kerberos), DIGEST-MD5 and possibly SASL GSSAPI (Kerberos) if I can get it working (Grrrr!)
*If SSPI is listed then so should Darwin SSL and QSSL
* Other SSL libraries such as CyaSSL, GSKit, gtls, PolarSSL, BoringSSL and LibreSSL should possibly be included.
* Perhaps the "Used for" column should be just a list of technology (such as: SSL, NTLM, Kerberos and a third "Desciption" column and possibly a fourth "Download" column.

I'm more than happy for someone else to look at it or rework it and for others to comment... To a certain degree I wish I'd not touched it now as I've not more import stuff to be hacking together ;-)

Right, what do I need to send to my SMTP server in the application data packet of an "AUTH GSSAPI" authentication handshake?

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-08-11

This message: [ Message body ]
Next message: Daniel Stenberg: "RE: RE: [PATCH v2] Update docs for recent SPNEGO and GSS-API changes"
Previous message: Daniel Stenberg: "Re: Extending pipelining to non-GET HTTP requests"
In reply to: Michael Osipov: "Re: RE: [PATCH v2] Update docs for recent SPNEGO and GSS-API changes"
Next in thread: Daniel Stenberg: "RE: RE: [PATCH v2] Update docs for recent SPNEGO and GSS-API changes"
Reply: Daniel Stenberg: "RE: RE: [PATCH v2] Update docs for recent SPNEGO and GSS-API changes"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]