spnego_sspi: honor CURLOPT_GSSAPI_DELEGATION on Windows SSPI builds#21528
Closed
xsgao-github wants to merge 1 commit into
Closed
spnego_sspi: honor CURLOPT_GSSAPI_DELEGATION on Windows SSPI builds#21528xsgao-github wants to merge 1 commit into
xsgao-github wants to merge 1 commit into
Conversation
|
Analysis of PR #21528 at b7d4c901: Test 3302 failed, which has NOT been flaky recently, so there could be a real issue in this PR. Note that this test has failed in 2 different CI jobs (the link just goes to one of them). Generated by Testclutch |
There was a problem hiding this comment.
Pull request overview
This PR aims to make CURLOPT_GSSAPI_DELEGATION effective on Windows builds that use SSPI (instead of a native GSS-API implementation), so Kerberos delegation can be requested during SPNEGO/Negotiate authentication.
Changes:
- Store
CURLOPT_GSSAPI_DELEGATIONindata->set.gssapi_delegationon SSPI builds by extending existingHAVE_GSSAPIcompile guards. - Request SSPI delegation in
InitializeSecurityContext()when delegation is enabled. - Add unit test
unit3302+ test casetest3302to verify the option value is stored/masked correctly.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/unit/unit3302.c | New unit test verifying CURLOPT_GSSAPI_DELEGATION stores/masks flags correctly. |
| tests/unit/Makefile.inc | Registers unit3302.c in the unit test build. |
| tests/data/test3302 | Adds a test definition for the new unit test. |
| tests/data/Makefile.am | Registers test3302 in the test cases list. |
| lib/vauth/spnego_sspi.c | Adds SSPI InitializeSecurityContext() request flags for delegation. |
| lib/urldata.h | Makes UserDefined.gssapi_delegation available on SSPI builds. |
| lib/setopt.c | Enables the CURLOPT_GSSAPI_DELEGATION setopt handler on SSPI builds. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
xsgao-github
force-pushed
the
master
branch
3 times, most recently
from
2a20da4 to
47f100f
Compare
vszakats
requested changes
May 11, 2026
Member
|
IMO a more human-readable non-LLM generated commit message would improve this patch. |
…ws builds that use SSPI (instead of a native GSS-API implementation), so Kerberos delegation can be requested during SPNEGO/Negotiate authentication. Changes: Store CURLOPT_GSSAPI_DELEGATION in data->set.gssapi_delegation on SSPI builds by extending existing HAVE_GSSAPI compile guards. Request SSPI delegation in InitializeSecurityContext() when delegation is enabled. Add unit test unit3302 + test case test3302 to verify the option value is stored/masked correctly.
vszakats
approved these changes
May 12, 2026
Member
|
thanks! |
outcast36
pushed a commit
to greearb/curl
that referenced
this pull request
Jun 3, 2026
Make CURLOPT_GSSAPI_DELEGATION effective on Windows builds that use SSPI (instead of a native GSS-API implementation), so Kerberos delegation can be requested during SPNEGO/Negotiate authentication. Closes curl#21528
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
This PR aims to make CURLOPT_GSSAPI_DELEGATION effective on Windows builds that use SSPI (instead of a native GSS-API implementation), so Kerberos delegation can be requested during SPNEGO/Negotiate authentication.
Fix
Store CURLOPT_GSSAPI_DELEGATION in data->set.gssapi_delegation on SSPI builds by extending existing HAVE_GSSAPI compile guards.
Request SSPI delegation in InitializeSecurityContext() when delegation is enabled.
Tests
Add unit test unit3302 to verify the option value is stored/masked correctly.
Closes #2859