cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] curl_ntlm_msgs.c: Remove ISC_REQ_* flags from call to InitializeSecurityContext to fix bug in NTLM handshake for HTTP proxy authentication using Windows SSPI

From: Ulrich Telle <Ulrich.Telle_at_gmx.de>
Date: Fri, 12 Sep 2014 12:22:56 +0200

NTLM handshake for HTTP proxy authentication failed with error SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy servers on generating the NTLM Type-3 message.

The issue was mainly discussed with Steve Holme on the curl-library mailing list. See thread starting here: http://curl.haxx.se/mail/lib-2014-08/0273.html

The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according to the observations and suggestions made in a bug report for the QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).

Removing all ISC_REQ_* flags from the call to InitializeSecurityContext solved the problem. Therefore I prepared a patch against the latest libcurl release 7.38.0. Additionally I added a infof call in case that InitializeSecurityContext fails to display the status code return by the function.

I hope the attached patch file is usable.

Regards,

Ulrich

--
Ulrich Telle
E-Mail: mailto:Ulrich.Telle_at_gmx.de
Homepage: http://www.telle-online.de


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-09-12