cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [bagder/curl] 2976de: sspi: Added version information

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Mon, 23 Apr 2012 15:46:17 +0200

2012/4/23 Guenter <lists_at_gknw.net>
>
> Am 23.04.2012 14:50, schrieb Yang Tse:
>
>> Just a heads up with this commit 2976de48 and subsequent ones...
>>
>>> Added version information for Windows SSPI to curl's main version
>>> string and removed SSPI from the features string.
>>
>>
>> Please notice that, even when inexact, existing situation in curl's
>> code base up to that commit was that USE_WINDOWS_SSPI actually meant
>> USE_WINDOWS_SSO and that the SSPI feature actually meant SSO.
>>
>> For that reason, feature SSPI was a feature and had no version, it
>> actually represented SSO 'single sign on' capability.
>>
>> This has been something we have been carrying over the years without
>> anyone bothering to fix the situation, all of this due to the fact
>> that at some point in the past SSPI for Microsoft represented 'single
>> signing point infraestructure' or similar and in recent times it
>> actually represents 'Security Support Provider Interface'.
>>
>> Notice that what curl has been calling SSPI is implemented in the code
>> base using different crypto libraries and code paths. Now that the
>> modern SSPI interpretation seems to be necesary we should fix existing
>> situation before pushing in the new SSPI stuff or we are going to
>> break builds quite badly.
>>
>> Additionally it is very likely that currently at some point
>> USE_WINDOWS_SSPI is misused.
>>
>> So I would suggest that before going any further with the SSPI stuff
>> we do the following...
>>
>> 1) Revert 2976de48 and subsequent related commits. And...
>> 2) Rename USE_WINDOWS_SSPI to USE_WINDOWS_SSO. And...
>> 3) Rename feature SSPI to SSO. And...
>> 4) Verify if usage of USE_WINDOWS_SSO seems appropriate wherever it is used.
>>
> +1 - sounds reasonable ...

Sure, that's a good plan, but I don't think that USE_WINDOWS_SSPI is
misused everythere.
The NTLM and other authentication parts should probably use
USE_WINDOWS_SSO, but IMHO for example the shared curl_sspi.[ch] file
should actually stay with USE_WINDOWS_SSPI.

I think the best approach is to have USE_WINDOWS_SSPI there for shared
SSPI functionality that is being required by the then newly introduced
switches USE_WINDOWS_SSO and later USE_WINDOWS_SCHANNEL.

Best regards,
Marc

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-23

This message: [ Message body ]
Next message: Peter Ondruška: "libcurl compiling under zOS Unix system services"
Previous message: sukanya c: "Query regarding libcurl DNS cache.."
In reply to: Guenter: "Re: [bagder/curl] 2976de: sspi: Added version information"
Next in thread: Yang Tse: "Re: [bagder/curl] 2976de: sspi: Added version information"
Reply: Yang Tse: "Re: [bagder/curl] 2976de: sspi: Added version information"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]