2012/4/23 Guenter <[email protected]> > > Am 23.04.2012 14:50, schrieb Yang Tse: > >> Just a heads up with this commit 2976de48 and subsequent ones... >> >>> Added version information for Windows SSPI to curl's main version >>> string and removed SSPI from the features string. >> >> >> Please notice that, even when inexact, existing situation in curl's >> code base up to that commit was that USE_WINDOWS_SSPI actually meant >> USE_WINDOWS_SSO and that the SSPI feature actually meant SSO. >> >> For that reason, feature SSPI was a feature and had no version, it >> actually represented SSO 'single sign on' capability. >> >> This has been something we have been carrying over the years without >> anyone bothering to fix the situation, all of this due to the fact >> that at some point in the past SSPI for Microsoft represented 'single >> signing point infraestructure' or similar and in recent times it >> actually represents 'Security Support Provider Interface'. >> >> Notice that what curl has been calling SSPI is implemented in the code >> base using different crypto libraries and code paths. Now that the >> modern SSPI interpretation seems to be necesary we should fix existing >> situation before pushing in the new SSPI stuff or we are going to >> break builds quite badly. >> >> Additionally it is very likely that currently at some point >> USE_WINDOWS_SSPI is misused. >> >> So I would suggest that before going any further with the SSPI stuff >> we do the following... >> >> 1) Revert 2976de48 and subsequent related commits. And... >> 2) Rename USE_WINDOWS_SSPI to USE_WINDOWS_SSO. And... >> 3) Rename feature SSPI to SSO. And... >> 4) Verify if usage of USE_WINDOWS_SSO seems appropriate wherever it is used. >> > +1 - sounds reasonable ...
Sure, that's a good plan, but I don't think that USE_WINDOWS_SSPI is misused everythere. The NTLM and other authentication parts should probably use USE_WINDOWS_SSO, but IMHOÂ for example the shared curl_sspi.[ch] file should actually stay with USE_WINDOWS_SSPI. I think the best approach is to have USE_WINDOWS_SSPI there for shared SSPI functionality that is being required by the then newly introduced switches USE_WINDOWS_SSO and later USE_WINDOWS_SCHANNEL. Best regards, Marc ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
