CONNECT_ONLY: don't close connection on GSS 401/407 reponses

Previously, connections were closed immediately before the user had a chance to extract the socket when the proxy required Negotiate authentication. This regression was brought in with the security fix in commit 79b9d5f1a42578f Closes #655
author: Marcel Raad <raad@teamviewer.com> 2016-02-15 08:58:36 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2016-04-26 23:01:56 +0200
commit: c2b3f264cb5210f82bdc84a3b89250a611b68dd3 (patch)
tree: 3887fe4cf646d3c435486ef56c034d0f932a3ec8
parent: e24e1c9cc62517f41621391399327ec540c13835 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/http.c b/lib/http.c
index 1b1cd2235..471685001 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1454,8 +1454,10 @@ CURLcode Curl_http_done(struct connectdata *conn,
      data->state.negotiate.state == GSS_AUTHSENT) {
     /* add forbid re-use if http-code != 401/407 as a WA only needed for
      * 401/407 that signal auth failure (empty) otherwise state will be RECV
-     * with current code */
-    if((data->req.httpcode != 401) && (data->req.httpcode != 407))
+     * with current code.
+     * Do not close CONNECT_ONLY connections. */
+    if((data->req.httpcode != 401) && (data->req.httpcode != 407) &&
+       !data->set.connect_only)
       connclose(conn, "Negotiate transfer completed");
     Curl_cleanup_negotiate(data);
   }
author	Marcel Raad <raad@teamviewer.com>	2016-02-15 08:58:36 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2016-04-26 23:01:56 +0200
commit	c2b3f264cb5210f82bdc84a3b89250a611b68dd3 (patch)
tree	3887fe4cf646d3c435486ef56c034d0f932a3ec8
parent	e24e1c9cc62517f41621391399327ec540c13835 (diff)