cURL / Mailing Lists / curl-library / Single Mail


[PATCH] curl-7.21.5-gssauth-handle-reuse-fix

From: Marcus Sundberg <>
Date: Wed, 09 Mar 2011 20:26:51 +0100


git clone against a repository using GSS auth does not work with recent
libcurl versions. It used to work fine with libcurl 7.15.5 for example,
but in recent versions it's broken.

The problem is this code in Curl_http_input_auth():

    if(data->state.negotiate.state == GSS_AUTHSENT) {
      /* if we sent GSS authentication in the outgoing request and we get this
         back, we're in trouble */
      infof(data, "Authentication problem. Ignoring this.\n");
      data->state.authproblem = TRUE;

When a struct connectdata is used for multiple requests and the
first request was authenticated with GSS, data->state.negotiate.state
is not reset for subsequent calls to Curl_http_input_auth,
which causes the above if statement to be true and the next request
to fail without authentication being tried.

The attached patch makes sure that the state is always set to
GSS_AUTHNONE in output_auth_headers(), unless it actually did
a successful Curl_output_negotiate().

Attached is also a log from GIT_CURL_VERBOSE=1 showing the problem.
When using libcurl 7.15.5 or using my patch, the
"* Authentication problem. Ignoring this." line interleaved in the
last 401 does not appear, and libcurl successfully resends the
request with proper authentication.


 Marcus Sundberg <>
 Senior System & Software Engineer 
 Aptilo Networks AB,
Received on 2011-03-09