curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Feature Proposal: Support for additional environment variables for proxy authentication in libcurl

From: Jörn Franke via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 8 Aug 2024 23:14:01 +0200

Hallo,

I would like to propose a feature for libcurl: Support for additional
environment variables for proxy authentication.

Background:
Currently, libcurl provides environment variables to configure a proxy (
https://curl.se/libcurl/c/libcurl-env.html). However, this limits to my
understanding authentication towards the proxy to basic authentication
(e.g. http://username:password_at_proxy:8080). However, enterprise scenarios
usually require other mechanisms, such as Kerberos.
Additionally, many r (e.g.
https://cran.r-project.org/web/packages/RCurl/index.html,
https://cran.r-project.org/web/packages/curl/index.html), python and other
packages for httpclients are mostly based on libcurl (e.g. packages
downloading machine learning models, data, geospatial information etc. from
the web). They can be trivially be configured using environment variables.
Some also can be configured directly in the package, but this is often not
possible if they are just a dependency of yet another package and for each
of the package the configuration is different. Hence, from a developer
point of view it would be nice if they can be configured via environment
variables.

Proposal:
 It would be nice if curl could expose an environment
variable [scheme]_proxyauth the option CURL_PROXYAUTH (
https://github.com/curl/curl/blob/master/docs/libcurl/opts/CURLOPT_PROXYAUTH.md).
Then, people could configure there, for instance, Kerberos authentication
(or other supported proxy authentications).
Example:
Someone would configure HTTP_PROXYAUTH=4 and HTTP_PROXY=http://proxy:8080.
All libraries, packages that depend on libcurl would automatically be able
to use Kerberos authentication with the proxy without configuring them
specially - thus reducing the burden.

Just maybe some possible drawback with Kerberos authentication: I noticed
that in several libraries you need to specify an empty string as username
and password for making Kerberos authentication work (it seems some set
null and then it does not work), so we need to make sure for certain type
of authentication mechanisms that username and password can be sert to an
empty string.

What do you think about this proposal?

Thank you.

Best regards


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-08-08