curl-library
Re: krb4 and CURLOPT_KRBLEVEL
Date: Sun, 16 Nov 2014 00:40:40 +0100
On Sat, Nov 15, 2014 at 10:37:11PM +0000, Steve Holme wrote:
> On Sat, 15 Nov 2014, Dan Fandrich wrote:
>
> > > From a curl command line point of view my patch really doesn't do anything
> > > different as the current code checks for the presence of
> > > CURL_VERSION_KERBEROS4 which won't be there (when >= 7.33.0 ).
> >
> > The difference is curl aborting because of an unknown option (with the patch),
> > and curl ignoring the option and continuing anyway (without the patch).
>
> With the patch getparamter() will return PARAM_OPTION_UNKNOWN and without the patch it returns PARAM_LIBCURL_DOESNT_SUPPORT. Either way the tool exits rather continuing saliently doesn't it or have I misunderstood something in parse_args()?
I though you were removing support of the option from the curl tool, in which
case it work abort with "curl: option --krb: is unknown".
> > > I don't know much about FTP but from reading the code, an application who
> > > uses libcurl, could perform curl_easy_setopt(CURLOPT_KRBLEVEL, 4); will
> > > cause a "PROT P" (for PRIVATE) command to be sent to the server- Do you
> > > know if this applicable to both other authentication mechanisms (inc. krb5) in FTP?
> >
> > PROT is used for generic TLS encryption and has nothing to do with Kerberos directly,
> > as I understand it (maybe it has some subtle semantic difference there).
>
> I'm confused now :(
>
> But aren't we setting this via an option called --krb (command line) and CURLOPT_KRBLEVEL (libcurl) which would indicate Kerberos specific stuff wouldn't or is it that we've misnamed things here?
I haven't looked at the code for any of this, but PROT P is sent for FTP when
the --ssl option is given. Perhaps --krb enables --ssl as well by default.
>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-16