Skip to content
Snippets Groups Projects
Select Git revision
  • master-tlmsp default
  • master-tlmsp-latest-curl
  • bagder/runtests-duration
  • bagder/disable-progress-meter
  • master protected
  • bagder/parallel-transfers
  • bagder/hsts-rebased
  • QUIC
  • bagder/FOLLOW_IGNORE_CUSTOM
  • bagder/test-when-disabled
  • jay/test
  • bagder/curl-better-disabled-options
  • bagder/wolfssh
  • dfandrich/ci
  • TFO-windows
  • bagder/schannel-verifyhost
  • bagder/mbedtls-ssl_read-zero
  • bagder/wolfssl-crl
  • curl-7_65_1
  • curl-7_65_0
  • curl-7_64_1
  • curl-7_64_0
  • curl-7_63_0
  • curl-7_62_0
  • curl-7_61_1
  • curl-7_61_0
  • curl-7_60_0
  • curl-7_59_0
  • curl-7_58_0
  • curl-7_57_0
  • curl-7_56_1
  • curl-7_56_0
  • curl-7_55_1
  • curl-7_55_0
  • curl-7_54_1
  • curl-7_54_0
  • curl-7_53_1
  • curl-7_53_0
38 results
Compare
user avatar
http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194
Steve Holme authored 
If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.

As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.

However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.
f8af8606
History
user avatar f8af8606
History
Name Last commit Last update