Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upcurl --fail --negotiate behavior changed between 7.64.0 and 7.65.0 #3992
Comments
This comment has been minimized.
This comment has been minimized.
We should up our efforts in adding tests for GSS... |
This comment has been minimized.
This comment has been minimized.
@bagder yeah... Heimdal has a useful tool for testing, |
This comment has been minimized.
This comment has been minimized.
I do not think that you need to have a working GSS setup to test this class of bugs. These bugs are about changes of behavior in cases where Before 6c60355 there was either no failure at all (because |
This comment has been minimized.
This comment has been minimized.
It is not only
... and will open a pull request once I have some test-coverage for it... |
If HTTPAUTH_GSSNEGOTIATE was used for a POST request and gss_init_sec_context() failed, the POST request was sent with empty body. This commit also restores the original behavior of `curl --fail --negotiate`, which was changed by commit 6c60355. Add regression tests 2077 and 2078 to cover this. Fixes curl#3992
Per #3726 I am opening a new issue for this.
fails with exit code 22 and no useful messages. Enabling verbose output also shows nothing telling about what happened.
The issue is that if even the initial
gss_init_sec_context()
call fails, thenconn->data->state.authproblem
gets set toTRUE
.Certainly for HTTP/Negotiate (and only HTTP/Negotiate) any failures of followup
gss_init_sec_context()
calls (when theinput_token
is non-empty) should be fatal, but not the initial one.