Unfortunately with git revision 2cd0c2d244a95f1c9e21a8854234023ceec194b6, my existing code (that had to explicitly disable Negotiate because of the auth failures) doesn't work at all anymore when using CONNECT and CURLOPT_CONNECT_ONLY (it works when using neither). I'll investigate.

---
** [bugs:#1363] Negotiate with SSPI not working**
**Status:** pending-needsinfo
**Created:** Wed Apr 23, 2014 10:45 AM UTC by Marcel Raad
**Last Updated:** Wed Jul 23, 2014 10:38 AM UTC
**Owner:** Daniel Stenberg
I'm using libcurl 7.35.0 built with SSPI (the relevant code has not changed in the current git version). I'm trying to authenticate to a Microsoft Threat Management Gateway 2010 SP2 proxy server via Negotiate. This fails and I see the following sequence of events in http_negotiate_sspi.c:
1. Curl_input_negotiate is called and creates a new credential handle and context handle (line 160f), but doesn't pass them to InitializeSecurityContext as the input token is not set (line 211).
2. Curl_output_negotiate is called, which frees the context and credential handles in Curl_cleanup_negotiate.
3. Curl_input_negotiate is called again, this time creating an input token (line 176). The call to InitializeSecurityContext fails with SEC_E_INVALID_HANDLE as neg_ctx->credentials and neg_ctx->context are NULL.
If I skip the call to Curl_cleanup_negotiate in Curl_output_negotiate (line 271), the authentication is successful.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.