cURL / Mailing Lists / curl-library / Single Mail


Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Leonardo Rosati <>
Date: Thu, 3 Jul 2014 12:31:22 +0200

I've tried debugging with WireShark with a proxy with negotiation (ISA
Server) and CURL does not pass user/password to the proxy even if
specified. The machine is authenticated just in case it is part of the
Code in http_negotiate-sspi.c is different from the http_ntlm.c, which,
correctly, passes username/password

Anyone has verified negotiation passes credentials?


2014-06-27 22:27 GMT+02:00 Michael Osipov <>:

> Am 2014-06-27 11:11, schrieb Leonardo Rosati:
> hi,
>> looking at the source code of http_negotiate-sspi.c the code doesn't use
>> the user/password in case they are passed by the user, in practice
>> assuming
>> the proxy to authenticate the connection based on if the machine is in the
>> domain or not.
>> instead the code for ntlm is different: it passes user/password in case
>> they are not empty and so user/password are used for authentication
>> purposes.
>> I think the correct behavior is the one for ntlm and therefore the
>> negotiate method should be changed.
> I don't think so. The intention in both is to have credentials already
> present at/after login time. At least for NTLM on Windows and SPNEGO on all
> platforms.
> Michael
> -------------------------------------------------------------------
> List admin:
> Etiquette:

List admin:
Received on 2014-07-03