[PATCH] curl_ntlm_msgs.c: Remove ISC_REQ_* flags from call to InitializeSecurityContext to fix bug in NTLM handshake for HTTP proxy authentication using Windows SSPI
Date: Fri, 12 Sep 2014 12:22:56 +0200
NTLM handshake for HTTP proxy authentication failed with error SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy servers on generating the NTLM Type-3 message.
The issue was mainly discussed with Steve Holme on the curl-library mailing list. See thread starting here: http://curl.haxx.se/mail/lib-2014-08/0273.html
The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according to the observations and suggestions made in a bug report for the QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
Removing all ISC_REQ_* flags from the call to InitializeSecurityContext solved the problem. Therefore I prepared a patch against the latest libcurl release 7.38.0. Additionally I added a infof call in case that InitializeSecurityContext fails to display the status code return by the function.
I hope the attached patch file is usable.
-- Ulrich Telle E-Mail: mailto:Ulrich.Telle_at_gmx.de Homepage: http://www.telle-online.de
- text/x-patch attachment: curl_ntlm_msgs_c.patch