37. Having more than one connection to the same host when doing NTLM authentication (with performs multiple "passes" and authenticates a connection rather than a HTTP request), and particularly when using the multi interface, there's a risk that libcurl will re-use a wrong connection when doing the different passes in the NTLM negotiation and thus fail to negotiate (in seemingly mysterious ways).
I just uploaded a test case to reproduce this problem (the top commit of https://github.com/JoeNotCharles/curl/commits/ntlm_connect - test2032). I'm going on vacation tomorrow for a week; when I get back I'm going to try to fix it. It would be great if somebody can use this reproduction to fix it before then - it should be pretty simple! (I believe that ConnectionExists needs to add a check if the request is NTLM and has already used a connection, it should re-use that connection if possible; currently it just uses the first connection that it can't rule out.) After this is fixed I'll get back to writing unit tests for the auth callback, so hopefully I'll be able to get it committed soon. Joe --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
