Commit c2b3f264 authored by Marcel Raad's avatar Marcel Raad Committed by Daniel Stenberg
Browse files

CONNECT_ONLY: don't close connection on GSS 401/407 reponses 

Previously, connections were closed immediately before the user had a
chance to extract the socket when the proxy required Negotiate
authentication.

This regression was brought in with the security fix in commit
79b9d5f1

Closes #655
parent e24e1c9c

lib/http.c

+4 −2
Original line number Diff line number Diff line
@@ -1454,8 +1454,10 @@ CURLcode Curl_http_done(struct connectdata *conn, 
     data->state.negotiate.state == GSS_AUTHSENT) {

    /* add forbid re-use if http-code != 401/407 as a WA only needed for

     * 401/407 that signal auth failure (empty) otherwise state will be RECV

     * with current code */

    if((data->req.httpcode != 401) && (data->req.httpcode != 407))

     * with current code.

     * Do not close CONNECT_ONLY connections. */

    if((data->req.httpcode != 401) && (data->req.httpcode != 407) &&

       !data->set.connect_only)

      connclose(conn, "Negotiate transfer completed");

    Curl_cleanup_negotiate(data);

  }