diff options
author | Steve Holme <steve_holme@hotmail.com> | 2014-08-06 00:12:53 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2014-08-06 07:17:13 +0100 |
commit | f8af8606a5420e2cfb17f2f32d750b6b2e7b52f9 (patch) | |
tree | 703b7f17356efe1ba4da272718a05ee77105aa52 /docs/TODO | |
parent | 524833e155e0df6b96dba645832a3c99db4d287e (diff) |
http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.
However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.
Diffstat (limited to 'docs/TODO')
0 files changed, 0 insertions, 0 deletions