spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination. Fixes https://github.com/curl/curl/issues/3503 Closes https://github.com/curl/curl/pull/3509
author: georgeok <giorgos.n.oikonomou@gmail.com> 2019-01-29 18:26:31 +0100
committer: Marcel Raad <Marcel.Raad@teamviewer.com> 2019-02-01 09:56:27 +0100
commit: a730432e59754df97c8985eb3094ca1cdd3e4955 (patch)
tree: 3e19c162afb855193a7ef4db1419a3f80b0d9392 /lib/http_negotiate.c
parent: 463f16d188f9e7fae2e71a6b3160d391fbe8ff18 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 4713d1bd5..2a97707eb 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -89,6 +89,11 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
     }
   }
 
+  /* Supports SSL channel binding for Windows ISS extended protection */
+#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS)
+  neg_ctx->sslContext = conn->sslContext;
+#endif
+
   /* Initialize the security context and decode our challenge */
   result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,
                                            host, header, neg_ctx);
author	georgeok <giorgos.n.oikonomou@gmail.com>	2019-01-29 18:26:31 +0100
committer	Marcel Raad <Marcel.Raad@teamviewer.com>	2019-02-01 09:56:27 +0100
commit	a730432e59754df97c8985eb3094ca1cdd3e4955 (patch)
tree	3e19c162afb855193a7ef4db1419a3f80b0d9392 /lib/http_negotiate.c
parent	463f16d188f9e7fae2e71a6b3160d391fbe8ff18 (diff)