cURL / Mailing Lists / curl-library / Single Mail


[PATCH] curl_ntlm_msgs.c: Remove ISC_REQ_* flags from call to InitializeSecurityContext to fix bug in NTLM handshake for HTTP proxy authentication using Windows SSPI

From: Ulrich Telle <>
Date: Fri, 12 Sep 2014 12:22:56 +0200

NTLM handshake for HTTP proxy authentication failed with error SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy servers on generating the NTLM Type-3 message.

The issue was mainly discussed with Steve Holme on the curl-library mailing list. See thread starting here:

The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according to the observations and suggestions made in a bug report for the QT project (

Removing all ISC_REQ_* flags from the call to InitializeSecurityContext solved the problem. Therefore I prepared a patch against the latest libcurl release 7.38.0. Additionally I added a infof call in case that InitializeSecurityContext fails to display the status code return by the function.

I hope the attached patch file is usable.



Ulrich Telle

List admin:

Received on 2014-09-12