curl / Mailing Lists / curl-library / Single Mail


Re: NTLMV2 authentication;

From: Daniel Stenberg via curl-library <>
Date: Sat, 17 Nov 2018 18:42:03 +0100 (CET)

On Sat, 17 Nov 2018, Markus Moeller wrote:

(removed curl-users as a recepient)

> Thank you for the pointer, but it seems not to be correctly implement.

That's basically the eternal state of NTLM in a nutshell...

> I did some minor modification to /lib/vauth/ntlm.c to ignore target_info_len
> after which it worked.

Can you perhaps make a full fledged PR out of this suggested change?

> Now I donąt know what is the reason for this check in the code and why it
> makes it work.
> Does anybody know ? Can it be fixed (assuming it is wrong as is ) ?

It is only code, I'm sure it can be fixed.

As to *why* it works like this, I would presume that the only safe way to
figure out is to backtrack in the commit history and see if the commit that
brought the change explained it, but I doubt it.

So, we're left to reading the code and trying to figure out why the check is
there... and when I try to, I fail to explain it. =(


Received on 2018-11-17