After reverting revision a4cece3d47cf092da00cf9910e87bb60b9eff533 (CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design), everything works again and Negotiate works too now!

Unfortunately there are memory leaks when using Negotiate:

Detected memory leaks!
Dumping objects ->
{273578} normal block at 0x080683C8, 287 bytes long.
 Data: <NTLMSSP > 4E 54 4C 4D 53 53 50 00 02 00 00 00 14 00 14 00
{273577} normal block at 0x08492030, 12256 bytes long.
 Data: < > CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
{273567} normal block at 0x0055B7D0, 128 bytes long.
 Data: <Proxy-Authorizat> 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74
{246325} normal block at 0x08068118, 287 bytes long.
 Data: <NTLMSSP > 4E 54 4C 4D 53 53 50 00 02 00 00 00 14 00 14 00
{246324} normal block at 0x0849CA68, 12256 bytes long.
 Data: < > CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
{246310} normal block at 0x0055B300, 128 bytes long.
 Data: <Proxy-Authorizat> 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74
{212503} normal block at 0x08068270, 287 bytes long.
 Data: <NTLMSSP > 4E 54 4C 4D 53 53 50 00 02 00 00 00 14 00 14 00
{212501} normal block at 0x08454828, 12256 bytes long.
 Data: < > CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
{211799} normal block at 0x0055B3B0, 128 bytes long.
 Data: <Proxy-Authorizat> 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74
Object dump complete.

---
** [bugs:#1363] Negotiate with SSPI not working**
**Status:** pending-needsinfo
**Created:** Wed Apr 23, 2014 10:45 AM UTC by Marcel Raad
**Last Updated:** Wed Jul 23, 2014 01:39 PM UTC
**Owner:** Daniel Stenberg
I'm using libcurl 7.35.0 built with SSPI (the relevant code has not changed in the current git version). I'm trying to authenticate to a Microsoft Threat Management Gateway 2010 SP2 proxy server via Negotiate. This fails and I see the following sequence of events in http_negotiate_sspi.c:
1. Curl_input_negotiate is called and creates a new credential handle and context handle (line 160f), but doesn't pass them to InitializeSecurityContext as the input token is not set (line 211).
2. Curl_output_negotiate is called, which frees the context and credential handles in Curl_cleanup_negotiate.
3. Curl_input_negotiate is called again, this time creating an input token (line 176). The call to InitializeSecurityContext fails with SEC_E_INVALID_HANDLE as neg_ctx->credentials and neg_ctx->context are NULL.
If I skip the call to Curl_cleanup_negotiate in Curl_output_negotiate (line 271), the authentication is successful.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.