cURL / Mailing Lists / curl-library / Single Mail


Aw: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Michael-O <>
Date: Thu, 3 Jul 2014 12:40:26 +0200

That behavior is correct.

Gesendet: Donnerstag, 03. Juli 2014 um 12:31 Uhr
Von: "Leonardo Rosati" <>
An: "libcurl development" <>
Betreff: Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

I've tried debugging with WireShark with a proxy with negotiation (ISA Server) and CURL does not pass user/password to the proxy even if specified. The machine is authenticated just in case it is part of the domain.
Code in http_negotiate-sspi.c is different from the http_ntlm.c, which, correctly, passes username/password
Anyone has verified negotiation passes credentials?
2014-06-27 22:27 GMT+02:00 Michael Osipov <>:Am 2014-06-27 11:11, schrieb Leonardo Rosati:

looking at the source code of http_negotiate-sspi.c the code doesn't use
the user/password in case they are passed by the user, in practice assuming
the proxy to authenticate the connection based on if the machine is in the
domain or not.
instead the code for ntlm is different: it passes user/password in case
they are not empty and so user/password are used for authentication

I think the correct behavior is the one for ntlm and therefore the
negotiate method should be changed.I don't think so. The intention in both is to have credentials already present at/after login time. At least for NTLM on Windows and SPNEGO on all platforms.


List admin:[]
Etiquette:[]------------------------------------------------------------------- List admin:[] Etiquette:[]

List admin:
Received on 2014-07-03