cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH 4/6] Deprecate GSS-Negotiate related macros due to bad naming

From: Michael Osipov <>
Date: Sat, 19 Jul 2014 15:54:08 +0200

Am 2014-07-19 00:17, schrieb Daniel Stenberg:
> On Thu, 17 Jul 2014, Michael Osipov wrote:
>> case 'l': /* --negotiate */
>> if(toggle) {
>> - if(curlinfo->features & CURL_VERSION_GSSNEGOTIATE)
>> - config->authtype |= CURLAUTH_GSSNEGOTIATE;
>> + if(curlinfo->features & CURL_VERSION_GSSAPI ||
>> + curlinfo->features & CURL_VERSION_SSPI)
>> + config->authtype |= CURLAUTH_NEGOTIATE;
> It feels strange that you want this done in patch 4 and then in patch 5
> you again change this very code again. Can you squash them instead to a
> single change?

Oh yes, you are correct that was an oversight. Simply an intermediate
misuse. I will squash and reroll.

> Is there a point in using both terms Negotiate and SPNEGO in symbol
> names if SPNEGO is required to do Negotiate?

Actually not, I have retained --negotiate for backwards compat. SPNEGO
[1] is required to perform Negotiate over HTTP [2] and any other
transport, e.g. SMTP, LDAP, IMAP, etc. via SASL.

In general, you need CURLAUTH_SPNEGO and CURL_VERSION_SPNEGO only. I
have added them in preperations of a more generalized approach of auth
in curl, e.g., SASL with GSS-API through Kerberos and SPNEGO. I
discussed this with Steve recently. That's is why you see the added TODOs.

If you'd like, I can complete that generalized change with *_SPNEGO,
replace internal symbols and deprecate external ones:

- --negotiate aliased to --spnego, --proxy.. repesctively

When Steve would add GSS-API support to SASL auth, we could easily do:

$ curl --(kerberos|spnego) -u : --verbose
$ curl --(kerberos|spnego|negotiate) -u : --verbose



PS: I'll squash when you say to what extent.

List admin:
Received on 2014-07-19