cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: How to set service name for SPNEGO?

From: Linus Nielsen <linus_at_haxx.se>
Date: Mon, 06 Apr 2015 17:26:21 +0200

On 04/04/2015 12:51 AM, Daniel Stenberg wrote:
> Thanks! I'm fine with the change and as there's at least one user saying
> it looks fine I'm happy. I have no way of testing this myself. The
> changes seems totally benign to me.

One thing worries me a little, the CURLOPT_PROXY_SERVICE_NAME option.
The default is "rcmd", since it was a socks5-only option. If I use this
option for the Kerberos/SPNEGO/Digest proxy negotiation, the default
name will be incorrect.

We can probably fix this in the curl tool, but libcurl applications will
stop working unless they set CURLOPT_PROXY_SERVICE_NAME to "HTTP" when
connecting to a Kerberos/SPNEGO/Digest proxy.

The current patch does not use CURLOPT_PROXY_SERVICE_NAME for
Kerberos/SPNEGO/Digest proxies (hardcoded to "HTTP"), but that seems
wrong as well. The whole point of replacing
CURLOPT_SOCKS5_GSSAPI_SERVICE was to have one option for all mechanisms,
but that will break one or the other.

Perhaps I should take a step back and keep the
CURLOPT_SOCKS5_GSSAPI_SERVICE option as-is, and add the
CURLOPT_PROXY_SERVICE_NAME for all other mechanisms.

Thoughts?

Linus

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-04-06