curl-library

Re: secur32.lib on Windows?

From: Yang Tse <yangsita_at_gmail.com>
Date: Wed, 28 Jan 2009 17:04:32 +0100

2009/1/28, Daniel Stenberg wrote:

> What is secur32.lib and why do we need it with the GSSAPI change?

Library which provides the following Windows SSPI functions used
_directly_ by Markus Moeller's patch: DecryptMessage, EncryptMessage,
QueryContextAttributes, QueryCredentialsAttributes,
DeleteSecurityContext, FreeContextBuffer, InitializeSecurityContext,
FreeCredentialsHandle, AcquireCredentialsHandle

Depending on Windows version these functions are available at run time
through security.dll/lib or secur32.dll/lib

> Why didn't we need it before?

Not because libcurl wasn't already using any of those functions. But
certainly because libcurl wasn't binding/linking directly with any
function from such library at compilation stage. libcurl was first
loading the appropriate dll depending on Windows version, finding the
address of the SecurityFunctionTable using InitSecurityInterface() [1]
and afterwards calling such SSPI functions through the
SecurityFunctionTable [2] dispatch table.

All this is the approach followed in http_ntlm.c, see
Curl_ntlm_global_init() and function calls done through s_pSecFn [3].
A little bit convoluted, but the most portable approach across Windows
versions.

> Will it have any drawbacks for those who don't care about SOCKS support?

For libcurl consistency and maintainability sake the Windows SSPI
interface should probably be used only in one fashion, linking
directly with the SSPI library or the more portable late binding using
the function dispatch table which avoids direct linking.

Late binding also implies that Windows security fixes that affect SSPI
will be 'active' in libcurl as soon as the OS is fixed, otherwise
libcurl recompilation is obviously required.

[1]: http://msdn.microsoft.com/en-us/library/aa376103(VS.85).aspx
[2]: http://msdn.microsoft.com/en-us/library/aa380125(VS.85).aspx
[3]: http://cool.haxx.se/cvs.cgi/curl/lib/http_ntlm.c?rev=1.75&content-type=text/vnd.viewcvs-markup

-- 
-=[Yang]=-
Received on 2009-01-28
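
The late-binding approach described in the message, as an added example (not code from curl or from the post): the program links against no SSPI import library and reaches every SSPI call through the SecurityFunctionTable. The names sspi_late_bind and sspi_package_count are hypothetical, only secur32.dll is handled (the older security.dll case is left out), and on non-Windows builds the function just reports SSPI as unavailable.

```c
/* Added example: late binding to SSPI, no secur32.lib needed at link time. */
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <string.h>

/* Load secur32.dll by absolute path from the system directory (so a DLL of
   the same name elsewhere on the search path is never picked up) and fetch
   the dispatch table via InitSecurityInterfaceA. Returns NULL on failure. */
PSecurityFunctionTableA sspi_late_bind(HMODULE *lib)
{
  char path[MAX_PATH];
  INIT_SECURITY_INTERFACE_A init;
  UINT n = GetSystemDirectoryA(path, MAX_PATH);

  *lib = NULL;
  if(n == 0 || n + sizeof("\\secur32.dll") > MAX_PATH)
    return NULL;
  strcpy(path + n, "\\secur32.dll"); /* assumption: security.dll not handled */
  *lib = LoadLibraryA(path);
  if(!*lib)
    return NULL;
  init = (INIT_SECURITY_INTERFACE_A)GetProcAddress(*lib,
                                                   "InitSecurityInterfaceA");
  return init ? init() : NULL;
}
#endif

/* Number of SSPI security packages, queried through the dispatch table;
   -1 if SSPI could not be bound (always -1 on non-Windows builds). */
int sspi_package_count(void)
{
  int result = -1;
#ifdef _WIN32
  HMODULE lib;
  PSecurityFunctionTableA fn = sspi_late_bind(&lib);
  unsigned long count = 0;
  PSecPkgInfoA info = NULL;

  if(fn && fn->EnumerateSecurityPackagesA(&count, &info) == SEC_E_OK) {
    result = (int)count;
    fn->FreeContextBuffer(info); /* the free call also goes via the table */
  }
  if(lib)
    FreeLibrary(lib);
#endif
  return result;
}
```

Because the DLL is resolved at run time, the code picks up whatever SSPI implementation the installed OS provides, which is the property the message points out for OS-level security fixes.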