On 04/06/2015 05:26 PM, Linus Nielsen wrote:
> On 04/04/2015 12:51 AM, Daniel Stenberg wrote:
>> Thanks! I'm fine with the change and as there's at least one user saying
>> it looks fine I'm happy. I have no way of testing this myself. The
>> changes seems totally benign to me.
>
> One thing worries me a little, the CURLOPT_PROXY_SERVICE_NAME option.
> The default is "rcmd", since it was a socks5-only option. If I use this
> option for the Kerberos/SPNEGO/Digest proxy negotiation, the default
> name will be incorrect.
>
> We can probably fix this in the curl tool, but libcurl applications will
> stop working unless they set CURLOPT_PROXY_SERVICE_NAME to "HTTP" when
> connecting to a Kerberos/SPNEGO/Digest proxy.
>
> The current patch does not use CURLOPT_PROXY_SERVICE_NAME for
> Kerberos/SPNEGO/Digest proxies (hardcoded to "HTTP"), but that seems
> wrong as well. The whole point of replacing
> CURLOPT_SOCKS5_GSSAPI_SERVICE was to have one option for all mechanisms,
> but that will break one or the other.
>
> Perhaps I should take a step back and keep the
> CURLOPT_SOCKS5_GSSAPI_SERVICE option as-is, and add the
> CURLOPT_PROXY_SERVICE_NAME for all other mechanisms.
>
> Thoughts?
>
> Linus
>

In lack of feedback, I decided to take that backwards step and not
deprecate CURLOPT_SOCKS5_GSSAPI_SERVICE. Here is a new patch.

Linus

Received on 2015-04-17