Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: how to use --proxy-negotiate, exactly?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 2 Mar 2009 14:02:21 +0100 (CET)

On Mon, 2 Mar 2009, Brian J. Murrell wrote:

This thread is now taken over to the curl-library list from curl-users. The
thread so far can be viewed here =>

         http://curl.haxx.se/mail/archive-2009-02/index.html#90

>> Assuming we can do that check for both HTTP@ and KHTTP@ we might still
>> be able to get away with the single bit.
>
> Indeed. I had thought about this a few hours ago myself. Keeping it
> simple, we could change up the:
>
> auth="GSS-Negotiate";
> if(!negdata->context)
> /* if explicitly selected it isn't inited at this point */
> ret = Curl_input_negotiate(conn, proxy, auth);
>
> with:
>
> auth="GSS-Negotiate";
> if(!negdata->context)
> /* if explicitly selected it isn't inited at this point */
> if ((ret = Curl_input_negotiate(conn, proxy, auth)) < 0) {
> auth="Negotiate";
> ret = Curl_input_negotiate(conn, proxy, auth);
>
> }
>
> in addition to a "neg_ctx->server_name = NULL;" in the "if(GSS_ERROR
> (major_status))" condition at the end of Curl_input_negotiate() so that
> subsequent calls will fall into get_gss_name();
>
> The only side effect is the printing of a:
>
> * gss_init_sec_context() failed: : Server not found in Kerberos database

Right. I think the logic that tries both versions should rather be moved into
the Curl_input_negotiate() function and that could then avoid doing that fail
output while "probing".

>> If not, I don't see any reason why shouldn't add a bit if it makes or
>> allows (lib)curl to behave better.
>
> Great. We seem to be on the same page then. I'd surely like to avoid it if
> possible, but am willing to accept another bit if no other clean way can be
> found.

Well, if we exclude SPNEGO for a while (which isn't even certain to still be
working afaik) and we do the try-both approach I think we're still functional
with the current single bit.

Are you up to provide an patch based on what we've discussed so far? 

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2009-03-02