Re: Incoming DES headache with OpenSSL 3

On Tue, Mar 24, 2020 at 4:49 PM Daniel Stenberg via curl-library wrote: > > Hi friends! > > The current git master of OpenSSL gives us some clues of what's going to > happen when OpenSSL version 3 ships, planned for Q3 2020 I believe. I make a > curl build against that every once in a while to

Re: rpmbuild of curl/libcurl 7.63.0 fails on Mageia Linux v7 x86-64 due to make test link problem

On Tue, Jan 1, 2019 at 2:18 PM Paul Howarth via curl-library wrote: > > On Tue, 1 Jan 2019 11:28:55 +0200 > Shlomi Fish via curl-library wrote: > > CCLD libstubgss.la > > /usr/bin/ld: .libs/libstubgss_la-stub_gssapi.o: in function > > `gss_init_sec_context': > >

Re: rpmbuild of curl/libcurl 7.63.0 fails on Mageia Linux v7 x86-64 due to make test link problem

On Tue, Jan 1, 2019 at 11:38 AM Shlomi Fish via curl-library wrote: > > CC libstubgss_la-stub_gssapi.lo > CCLD libstubgss.la > /usr/bin/ld: .libs/libstubgss_la-stub_gssapi.o: in function > `gss_init_sec_context': >

Re: Does libcurl support Kerberos constrained delegation?

> On Mon, Jul 9, 2018 at 2:49 AM Isaac Boukris wrote: > >> >> >> On Mon, Jul 9, 2018, 05:30 Sachin Nikumbh wrote: >> >>> Hi, >>> >>> >>> >>> I am looking at libcurl’s support on Kerberos delegation. >>>

Re: NTLM and Squid Proxy Server

On Fri, Aug 11, 2017 at 12:21 PM, Hölzl, Dominik wrote: > Hello! > > When I use cURL (Library from a C++-Program on Windows 10, cURL version > 7.49.1) and connecting to an IIS Web Server using NTLM Authentication (with > Username+Password, HTTP) over a Squid Proxy

Re: [Win][SSPI] proper authentication using SSPI ?

On Mon, Jun 26, 2017 at 10:18 PM, Павел Н via curl-library wrote: > 26.06.2017, 16:49, "Павел Н via curl-library" : >> Hi all. >> >> Long time curl and libcurl user and suffering as long to enter proxy creds >> to the command line. >> >> In

Re: mbed TLS and curl-config and NTLM

On Tue, Apr 18, 2017 at 2:06 AM, Dan Fandrich wrote: > Tests 1013 and 1014 for my mbed TLS autobuilds are failing, due to invalid > output of curl-config --features and --protocols. The problem is that the > configure check that determines if SMB and NTLM support is

Re: curl can not stop sending after it received FIN

On Apr 12, 2017 8:12 PM, "Gisle Vanem via curl-library" < curl-library@cool.haxx.se> wrote: Tanyaofeng wrote: 4.We found an issue: > > The file server was shut down during sending file data, the curl can’t > stop sending data after it received FIN from > Http Proxy Server until file data was

Re: NTLM auth to server when Negotiate is used with a proxy is broken in libcurl 7.51.0

Hi Marton, (please avoid top-posting, it makes it hard to follow - see etiquette link below) On Thu, Mar 23, 2017 at 11:16 AM, Marton Legeny wrote: > Hi Isaac, > > Thanks for your explanation - however, I don't think that fix can be > generically applied to

Re: compiling libcurl without libgss

On Wed, Mar 22, 2017 at 5:32 PM, Christopher Harvey wrote: > disabling SSL by using --wthout-ssl gives the following ldd output: > > ldd ./lib/.libs/libcurl.so.4.4.0 Maybe the ssl library somehow depends on gss, you can see libcurl's direct dependencies with: readelf -d

Re: NTLM auth to server when Negotiate is used with a proxy is broken in libcurl 7.51.0

On Wed, Mar 22, 2017 at 12:25 PM, Marton Legeny wrote: > Basically what's happening is the following: > > 1) curl sends a HTTP GET to the target, including the first message of the > NTLM auth > 2) The proxy replies with 407 and tells the client to use

Re: Change doc for --insecure to say it doesn't apply to HTTPS-proxy?

On Mar 6, 2017 7:20 AM, "Ray Satiro via curl-library" < curl-library@cool.haxx.se> wrote: --insecure [1] is documented as making all connections insecure: 'This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure

Re: HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required

On Fri, Feb 3, 2017 at 12:11 PM, Hölzl, Dominik wrote: > I have figured out what the problem is and how it is reproducible (Adopted > from the POST example https://curl.haxx.se/libcurl/c/http-post.html): > > /* Add some headers, in this case a redundant

Re: HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required

On Thu, Feb 2, 2017 at 2:16 PM, Hölzl, Dominik wrote: > Hello! > > > > I have the following problem: > > > > I want to perform an HTTP POST request, PUT request or another custom > request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD, >

Re: hi

Hi, On Wed, Dec 14, 2016 at 3:42 PM, Gregory Davis wrote: > i have these Curl command lines i would to transform to C but don’t know how > to do it > is there any tutorials or pdfs on doing this? my end goal is to write it into > a module that use c+ or c Sharp

Re: hi

On Wed, Dec 14, 2016 at 6:57 PM, Alex Bligh wrote: > > Curl's feature that it will spit out the C code used to perform the > operation given is very unusual so it is not surprising you don't > know how to do it. Indeed, it is an uncommon yet wonderful feature ;-)

Re: Kerberos connections are not left open

Hi, Please avoid top-posting, it make sit hard to follow. See etiquette link below. On Wed, Nov 30, 2016 at 5:22 PM, Lutfi Dwedari wrote: > > Hi again. > > I implemented a setting to indicate that I want to persist the connection on > the next perform call. I see that

Re: Kerberos connections are not left open

Hi, On Tue, Nov 29, 2016 at 1:33 PM, Lutfi Dwedari wrote: > I’m trying to implement a file uploader using libcurl. The authentication > must be done using Kerberos. The issue that I’m encountering is that the > file is being sent three times to the sever (one for each

Re: CURLOPT_TCP_NODELAY by default

On Fri, Jul 1, 2016 at 9:56 AM, Ray Satiro via curl-library wrote: > On 6/30/2016 9:11 AM, Daniel Stenberg wrote: >> >> Since we once again got hit by the TCP_NODELAY causing a weirdo >> performance behavior, I move to making it enabled by default. As the >> attached

Re: Remove HTTP Pipelining support?

Hi, On Fri, Apr 8, 2016 at 9:16 AM, Daniel Stenberg wrote: > Hi frends, > > I'd like to open this discussion. If you use HTTP Pipelining in your > application I'd be very interested to know how you'd view a future without > support for it in libcurl. I'm not using pipelining so

Re: Option to specify Kerberos credential-cache when used via GSSAPI

Hi again, On Wed, Mar 23, 2016 at 10:30 PM, Steve Holme <steve_ho...@hotmail.com> wrote: > On Wed, 23 Mar 2016, Isaac Boukris wrote: >> I'd like to suggest adding a new option to libcurl - CURLOPT_KRB_CCACHE. Following a discussion on the pull-request, I changed

Re: Option to specify Kerberos credential-cache when used via GSSAPI

Hi Steve, On Wed, Mar 23, 2016 at 9:30 PM, Steve Holme wrote: > It has been on my TODO list for a while but I would like to see specific > user support as well (for -u user) like SSPI can do - is that something that > the credentials-cache can help with or are the two

Option to specify Kerberos credential-cache when used via GSSAPI

Hello all, When libcurl is used in server-side application which runs transfers on behalf of different users, it would be useful to be able to specify different Kerberos credential-cache for each transfer. I'd like to suggest adding a new option to libcurl - CURLOPT_KRB_CCACHE. The string

Re: Link between curl_easy handle and connection

On Mon, Mar 7, 2016 at 3:30 PM, Pierre Brico wrote: > > Hi Isaac, > > To my knowledge, the multi interface allows just you to manipulate several > easy handles at a time (asynchronously) but doesn't give access to the > underlying connection to the server. Am I wrong ?

Re: Link between curl_easy handle and connection

Hi, On Mon, Mar 7, 2016 at 1:15 AM, Daniel Stenberg wrote: > On Sun, 6 Mar 2016, Pierre Brico wrote: > >> So my question is: is it possible to link one connection to one CURL >> handle (no pool usage)? > > > In theory it should be fairly easy to have each easy handle use its own

Re: easy argument in curl_multi_socket_action's callback function

Hi, On Mon, Dec 7, 2015 at 5:21 PM, Dan Tsohar wrote: > Hi, > In my particular case, I am trying to perform NTLM authentication using the > multi interface. I am creating easy handles with CURLOPT_FRESH_CONNECT=1 but > I still see more than one socket being used per one easy

Re: Curl_sasl_build_spn does not do rDNS lookup when forming SPN

s. I think the gssapi library is a better place for name canonization. > On Sun, Oct 18, 2015 at 2:12 AM, Isaac Boukris <ibouk...@gmail.com> wrote: >> >> Hi, >> >> On Sun, Oct 18, 2015 at 3:03 AM, Wenlong Dong <wdon...@gmail.com> wrote: >> > Hi,

Re: Curl_sasl_build_spn does not do rDNS lookup when forming SPN

Hi, On Sun, Oct 18, 2015 at 3:03 AM, Wenlong Dong wrote: > Hi, > > When Curl forms the service principal given the service name, it simply > formats the service principal name with "/" in > Curl_sasl_build_spn. The "" is basically the host name part of > the URL. So if the

Re: LibCurl with NTLM and Kerberos authentication

On Sep 3, 2015 1:06 AM, "Joel DePooter" wrote: > > You likely need to set the username and password option to ":" in > order to make this work. For example: > > static const char* empty_user_password = ":"; > curl_easy_setopt( easy_handle, CURLOPT_USERPWD ,

Re: Support for TLS-PSK mode (RFC 4279)

On Fri, Aug 21, 2015 at 5:21 PM, Daniel Stenberg dan...@haxx.se wrote: On Fri, 21 Aug 2015, Isaac Boukris wrote: Here is a link to my current work (tested with stunnel): https://github.com/frenche/curl/commit/84a400ffd745dd7941b5bd0a2075ecd098ef608e Just a minor request though: it makes

Support for TLS-PSK mode (RFC 4279)

Hello, I am trying to add support for TLS-PSK (OpenSSL) which is - in some scenarios - more fit and secure than self-signed certificates as it provides mutual authentication. Here is a link to my current work (tested with stunnel):

Re: the new site layout went live

Hi, On Wed, Jun 10, 2015 at 12:26 PM, Daniel Stenberg dan...@haxx.se wrote: Hey all, Thanks for the feedback. I've just pushed some 40 commits to the web repo and the new web site layout is live. Simpler, narrower, easier on the eye and decently functional even on small screens. On my

Re: CURLAUTH_ANY causes authention failure

Hi, On Fri, Jun 5, 2015 at 9:26 PM, Jeroen Ooms jeroen.o...@stat.ucla.edu wrote: For the libcurl bindings in the R programming language, I would like to user to be able to connect to an arbitrary server using any authentication method. However setting CURLOPT_HTTPAUTH to CURLAUTH_ANY actually

Re: [Patch] Negotiate - avoid empty request if CURLAUTH_NEGOTIATE is explicitly picked.

Hi Steve / all, On Mon, Feb 9, 2015 at 11:37 PM, Steve Holme steve_ho...@hotmail.com wrote: On Sun, 8 Feb 2015, Isaac Boukris wrote: Note, just before sending I noticed these changes would probably impact on 'http_negotiate_sspi.c' as well... I'll look at it if necessary. Yes

Re: [Patch] Negotiate - avoid empty request if CURLAUTH_NEGOTIATE is explicitly picked.

Hi, On Wed, Feb 11, 2015 at 1:06 AM, Steve Holme steve_ho...@hotmail.com wrote: The old code was: token.length = strlen(service) + 1 + strlen(proxy ? conn-proxy.name : conn-host.name) + 1; Yeah - I couldn't quite work out which part of that code was right and which was wrong - especially

Re: [Patch] Negotiate - avoid empty request if CURLAUTH_NEGOTIATE is explicitly picked.

Hi Steve, On Mon, Feb 9, 2015 at 11:37 PM, Steve Holme steve_ho...@hotmail.com wrote: On Sun, 8 Feb 2015, Isaac Boukris wrote: Also, it doesn't seem to have been the initial intention - see this quote from the comment in the source (http.c): Then we set the picked one to the want one

[Patch] Negotiate - avoid empty request if CURLAUTH_NEGOTIATE is explicitly picked.

Hi all, When the app sets CURLOPT_HTTPAUTH to CURLAUTH_NEGOTIATE (e.g. using curl --negotiate) it first sends an empty request and receives a 401 unauthorized before invoking GSS-API to the 'Negotiate Authorization' header. This is different from the behavior of NTLM and Basic and seem