cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Michael Osipov <>
Date: Fri, 11 Jul 2014 12:21:25 +0200

Am 2014-07-11 11:50, schrieb David Woodhouse:
> On Fri, 2014-07-11 at 11:24 +0200, Michael Osipov wrote:
>> That is absolutely true. This is an area which I want to improve in curl
>> mid-term. The reason for fbopenssl was probably some one did not hav a
>> capable GSS-API version.
> Probably. Although that's less of an excuse these days, since everyone
> *should* have a GSSAPI implementation that does SPNEGO by now.

Yes, but some stupid vendors are still lacking. HP is too stupid to
update their packaged GSS-API version. They ship 1.3.5 and supply
security patches on top. Horribly old and broken. But I have managed to
compile the latest MIT Kerberos on HP-UX with great success. It works
flawlessly with curl. For those in need, I am willing to help to make it
run on HP-UX. Patch has been submitted already.

>> I waiting for this patch to be merged and then
>> I could adapt and patch the source code in a way were FTP
> I firmly believe that the way forward here is to rip out the FBOpenSSL
> bit altogether. I'm working on that now; to quote the commit message
> from
> [...]

Yes, that is way better. My patch was intended as intermediate only.
Your approach resembles mine. Rip out fbopenssl and make it use GSS-API

Your patch looks good but not complete, right? I would like to follow
your improvements, make comments what can done even better. What I had
in mind additionally to have '--kerberos' react on 'WWW-Authenticate:
Kerberos' too.

More over, I can test the entire stuff on three Unix OSes against
GSS-API, SSPI, and JGSS. So, a very good test coverage should be
achieved. Servers on FreeBSD, Windows Servers, HP-UX and HTTP proxy on
Windows Server.

If Daniel and/or someone else is willing to merge your patches, my two
patches should be halted and discarded when you provide yours.

List admin:
Received on 2014-07-11