curl / Mailing Lists / curl-library / Single Mail


GSS-API authentication cannot be disabled for SOCKS5 proxies

From: Kamil Dudka <>
Date: Tue, 03 Jan 2017 12:58:42 +0100


if libcurl is built with GSS-API support, it unconditionally advertises
GSS-API authentication while connecting to a SOCKS5 proxy. This causes
problems in environments with improperly configured Kerberos: a stock
libcurl fails to connect, despite libcurl built without GSS-API connects
just fine using username and password.

A run-time option to disable GSS-API authentication would help here. I was
about to write a patch to reuse CURLOPT_PROXYAUTH for this. Unfortunately,
the default behavior is already inconsistent between SOCKS5 proxies and
HTTP proxies (where GSS-API is disabled by default).

Should we introduce a new option for SOCKS5 authenticaton? New enumeration
constant accepted by CURLOPT_PROXYAUTH? Anything else?

List admin:
Received on 2017-01-03