aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorViktor Szakats <vszakats@users.noreply.github.com>2017-08-30 21:10:38 +0000
committerViktor Szakats <vszakats@users.noreply.github.com>2017-09-22 19:01:28 +0000
commit6f86022df26243cc8a035fe8b4c89033b6a04bc0 (patch)
treea18d9ba9de9668fd3034e62a2a66908d835b3ed3 /lib/vtls
parent7c52b12dd4721d4c5591cefa078d256331e56999 (diff)
ntlm: use strict order for SSL backend #if branches
With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/vtls.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index f1a11ea58..b85b365e5 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -124,6 +124,15 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
#define ALPN_HTTP_1_1_LENGTH 8
#define ALPN_HTTP_1_1 "http/1.1"
+/* If NTLM is the first available SSL backend (see order in curl_ntlm_core)
+ then it must be initialized to be used by NTLM. */
+#if !defined(USE_OPENSSL) && \
+ !defined(USE_GNUTLS_NETTLE) && \
+ !defined(USE_GNUTLS) && \
+ defined(USE_NSS)
+#define NTLM_NEEDS_NSS_INIT
+#endif
+
/* set of helper macros for the backends to access the correct fields. For the
proxy or for the remote host - to properly support HTTPS proxy */