cURL / Mailing Lists / curl-library / Single Mail


Patch to allow GSSAPI authentication to a socks5 server

From: Markus Moeller <>
Date: Sun, 11 Jan 2009 17:51:43 -0000

Please find attached a patch to curl 7.19.2 which adds Socks5 GSSAPI
authentication. It works on Unix and Windows.

I added two options:

    --socks5-gssapi-service <servicename> SOCKS5 proxy service name for
    --socks5-gssapi-nec Compatibility with NEC SOCKS5 server

The default service name for a socks server is rcmd/server-fqdn and the
first option allows you to change it.
 --socks5 proxy-name --socks5-gssapi-service sockd would use
 --socks5 proxy-name --socks5-gssapi-service sockd/real-name would use
sockd/real-name for cases the proxy-name does not match the princpal name.

As part of the gssapi negotiation a protection mode is negotiated. The
rfc1961 says in section 4.3/4.4 it should be protected, but the NEC
reference implementation does not.
The option --socks5-gssapi-nec allows the unprotected exchange of the
protection mode negotiation.

Any feedback is appreciated.


Received on 2009-01-11