curl / Mailing Lists / curl-library / Single Mail

curl-library

GSS-API authentication cannot be disabled for SOCKS5 proxies

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 03 Jan 2017 12:58:42 +0100

Hello,

if libcurl is built with GSS-API support, it unconditionally advertises
GSS-API authentication while connecting to a SOCKS5 proxy. This causes
problems in environments with improperly configured Kerberos: a stock
libcurl fails to connect, despite libcurl built without GSS-API connects
just fine using username and password.

A run-time option to disable GSS-API authentication would help here. I was
about to write a patch to reuse CURLOPT_PROXYAUTH for this. Unfortunately,
the default behavior is already inconsistent between SOCKS5 proxies and
HTTP proxies (where GSS-API is disabled by default).

Should we introduce a new option for SOCKS5 authenticaton? New enumeration
constant accepted by CURLOPT_PROXYAUTH? Anything else?

Kamil
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-01-03

This message: [ Message body ]
Next message: Praveen Pvs: "Re: How to Set Keep Alive Option in CURL"
Previous message: m brandenberg: "Re: How to Set Keep Alive Option in CURL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]