cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: krb4 and CURLOPT_KRBLEVEL

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Sat, 15 Nov 2014 22:37:11 +0000

On Sat, 15 Nov 2014, Dan Fandrich wrote:

> > From a curl command line point of view my patch really doesn't do anything
> > different as the current code checks for the presence of
> > CURL_VERSION_KERBEROS4 which won't be there (when >= 7.33.0 ).
>
> The difference is curl aborting because of an unknown option (with the patch),
> and curl ignoring the option and continuing anyway (without the patch).

With the patch getparamter() will return PARAM_OPTION_UNKNOWN and without the patch it returns PARAM_LIBCURL_DOESNT_SUPPORT. Either way the tool exits rather continuing saliently doesn't it or have I misunderstood something in parse_args()?

> > I don't know much about FTP but from reading the code, an application who
> > uses libcurl, could perform curl_easy_setopt(CURLOPT_KRBLEVEL, 4); will
> > cause a "PROT P" (for PRIVATE) command to be sent to the server- Do you
> > know if this applicable to both other authentication mechanisms (inc. krb5) in FTP?
>
> PROT is used for generic TLS encryption and has nothing to do with Kerberos directly,
> as I understand it (maybe it has some subtle semantic difference there).

I'm confused now :(

But aren't we setting this via an option called --krb (command line) and CURLOPT_KRBLEVEL (libcurl) which would indicate Kerberos specific stuff wouldn't or is it that we've misnamed things here?

Cheers for your assistance here Dan - much appreciated ;-)

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-15