25 files changed, 107 insertions, 43 deletions
diff --git a/CHANGES b/CHANGES
index 009a43f7e..bb1372cc6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Daniel (7 June 2006)
+- Mikael Sennerholm provided a patch that added NTLM2 session response support
+  to libcurl. The 21 NTLM test cases were again modified to comply...
+
 Daniel (27 May 2006)
 - �scar Morales Viv� updated the libcurl.framework.make file.
 
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 2b4083599..cc1d28204 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -5,12 +5,13 @@ Curl and libcurl 7.15.4
  Available command line options:           112
  Available curl_easy_setopt() options:     132
  Number of public functions in libcurl:    49
- Amount of public web site mirrors:        32
+ Amount of public web site mirrors:        33
  Number of known libcurl bindings:         32
  Number of contributors:                   492
 
 This release includes the following changes:
 
+ o NTLM2 session response support
  o CURLOPT_COOKIELIST set to "SESS" clears all session cookies
  o CURLINFO_LASTSOCKET returned sockets are now checked more before returned
  o curl-config got a --checkfor option to compare version numbers
@@ -46,13 +47,17 @@ This release includes the following bugfixes:
  o TFTP transfers could trash data
  o -d + -G combo crash
 
-Other curl-related news since the previous public release:
+Other curl-related news:
 
- o http://curl.de-mirror.de/ is a new mirror in Aachen, Germany
- o http://curl.osmirror.nl/ is a new mirror in Amsterdam, the Netherlands
  o tclcurl 0.15.3 was released:
    http://personal1.iddeo.es/andresgarci/tclcurl/english/
- o http://curl.usphp.com/ is a new mirror in Florida, US
+
+New curl mirrors:
+
+ o http://curl.webdesign-zdg.de/ in Frankfurt, Germany
+ o http://curl.de-mirror.de/ in Aachen, Germany
+ o http://curl.osmirror.nl/ in Amsterdam, the Netherlands
+ o http://curl.usphp.com/ in Florida, US
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
@@ -60,6 +65,6 @@ advice from friends like these:
  Dan Fandrich, Ilja van Sprundel, David McCreedy, Tor Arntsen, Xavier Bouchoux,
  David Byron, Michele Bini, Ates Goral, Katie Wang, Robson Braga Araujo,
  Ale Vesely, Paul Querna, Gisle Vanem, Mark Eichin, Roland Blom, Andreas
- Ntaflos, David Shaw, Michael Wallner, Olaf St�ben
+ Ntaflos, David Shaw, Michael Wallner, Olaf St�ben, Mikael Sennerholm
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index 2dc293d9b..01f049f24 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -51,6 +51,7 @@
 #include "http_ntlm.h"
 #include "url.h"
 #include "memory.h"
+#include "ssluse.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -59,7 +60,9 @@
 
 #include <openssl/des.h>
 #include <openssl/md4.h>
+#include <openssl/md5.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x00907001L
 #define DES_key_schedule des_key_schedule
@@ -94,6 +97,10 @@ static PSecurityFunctionTable s_pSecFn = NULL;
 /* Define this to make the type-3 message include the NT response message */
 #define USE_NTRESPONSES 1
 
+/* Define this to make the type-3 message include the NTLM2Session response
+   message, requires USE_NTRESPONSES. */
+#define USE_NTLM2SESSION 1
+
 #ifndef USE_WINDOWS_SSPI
 /* this function converts from the little endian format used in the incoming
    package to whatever endian format we're using natively */
@@ -630,7 +637,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     32    start of data block
 
     */
-
+#if USE_NTLM2SESSION
+#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
+#else
+#define NTLM2FLAG 0
+#endif
     snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
              "\x01%c%c%c" /* 32-bit type = 1 */
              "%c%c%c%c"   /* 32-bit NTLM flag field */
@@ -651,6 +662,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
                NTLMFLAG_NEGOTIATE_OEM|
                NTLMFLAG_REQUEST_TARGET|
                NTLMFLAG_NEGOTIATE_NTLM_KEY|
+               NTLM2FLAG|
                NTLMFLAG_NEGOTIATE_ALWAYS_SIGN
                ),
              SHORTPAIR(domlen),
@@ -672,15 +684,18 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
               LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM|
                           NTLMFLAG_REQUEST_TARGET|
                           NTLMFLAG_NEGOTIATE_NTLM_KEY|
+                          NTLM2FLAG|
                           NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
               NTLMFLAG_NEGOTIATE_OEM|
               NTLMFLAG_REQUEST_TARGET|
               NTLMFLAG_NEGOTIATE_NTLM_KEY|
+              NTLM2FLAG|
               NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
       print_flags(stderr,
                   NTLMFLAG_NEGOTIATE_OEM|
                   NTLMFLAG_REQUEST_TARGET|
                   NTLMFLAG_NEGOTIATE_NTLM_KEY|
+                  NTLM2FLAG|
                   NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
       fprintf(stderr, "\n****\n");
     });
@@ -786,7 +801,41 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       hostlen = strlen(host);
     }
 
-    {
+#if USE_NTLM2SESSION
+    /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+    if (ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+      unsigned char ntbuffer[0x18];
+      unsigned char tmp[0x18];
+      unsigned char md5sum[MD5_DIGEST_LENGTH];
+      MD5_CTX MD5;
+      unsigned char random[8];
+
+      /* Need to create 8 bytes random data */
+      Curl_ossl_seed(conn->data); /* Initiate the seed if not already done */
+      RAND_bytes(random,8);
+
+      /* 8 bytes random data as challenge in lmresp */
+      memcpy(lmresp,random,8);
+      /* Pad with zeros */
+      memset(lmresp+8,0,0x10);
+
+      /* Fill tmp with challenge(nonce?) + random */
+      memcpy(tmp,&ntlm->nonce[0],8);
+      memcpy(tmp+8,random,8);
+
+      MD5_Init(&MD5);
+      MD5_Update(&MD5, tmp, 16);
+      MD5_Final(md5sum, &MD5);
+      /* We shall only use the first 8 bytes of md5sum,
+         but the des code in lm_resp only encrypt the first 8 bytes */
+      mk_nt_hash(passwdp, ntbuffer);
+      lm_resp(ntbuffer, md5sum, ntresp);
+
+      /* End of NTLM2 Session code */
+    }
+    else {
+#endif
+
 #if USE_NTRESPONSES
       unsigned char ntbuffer[0x18];
 #endif
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ab177009a..0bbb57886 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -169,8 +169,7 @@ static bool rand_enough(int nread)
 }
 #endif
 
-static
-int random_the_seed(struct SessionHandle *data)
+static int ossl_seed(struct SessionHandle *data)
 {
   char *buf = data->state.buffer; /* point to the big buffer */
   int nread=0;
@@ -259,6 +258,20 @@ int random_the_seed(struct SessionHandle *data)
   return nread;
 }
 
+int Curl_ossl_seed(struct SessionHandle *data)
+{
+  /* we have the "SSL is seeded" boolean static to prevent multiple
+     time-consuming seedings in vain */
+  static bool ssl_seeded = FALSE;
+
+  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
+    ossl_seed(data);
+    ssl_seeded = TRUE;
+  }
+  return 0;
+}
+
+
 #ifndef SSL_FILETYPE_ENGINE
 #define SSL_FILETYPE_ENGINE 42
 #endif
@@ -531,9 +544,6 @@ static char *SSL_strerror(unsigned long error, char *buf, size_t size)
   return (buf);
 }
 
-/* we have the "SSL is seeded" boolean global for the application to
-   prevent multiple time-consuming seedings in vain */
-static bool ssl_seeded = FALSE;
 #endif /* USE_SSLEAY */
 
 #ifdef USE_SSLEAY
@@ -1166,12 +1176,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
 
   curlassert(ssl_connect_1 == connssl->connecting_state);
 
-  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
-    /* Make funny stuff to get random input */
-    random_the_seed(data);
-
-    ssl_seeded = TRUE;
-  }
+  /* Make funny stuff to get random input */
+  Curl_ossl_seed(data);
 
   /* check to see if we've been told to use an explicit SSL/TLS version */
   switch(data->set.ssl.version) {
diff --git a/lib/ssluse.h b/lib/ssluse.h
index 5cc2f700e..d33ac3878 100644
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -63,7 +63,7 @@ ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */
                        bool *wouldblock);
 
 size_t Curl_ossl_version(char *buffer, size_t size);
-
 int Curl_ossl_check_cxn(struct connectdata *cxn);
+int Curl_ossl_seed(struct SessionHandle *data);
 
 #endif
diff --git a/tests/data/test150 b/tests/data/test150
index 961898d58..7ae812d93 100644
--- a/tests/data/test150
+++ b/tests/data/test150
@@ -69,7 +69,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /150 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test155 b/tests/data/test155
index 6b0ff5ac9..91ed13abd 100644
--- a/tests/data/test155
+++ b/tests/data/test155
@@ -101,7 +101,7 @@ Content-Length: 85
 Expect: 100-continue
 
 PUT /155 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 Content-Length: 0
diff --git a/tests/data/test159 b/tests/data/test159
index 4e335b34e..2fcd7d502 100644
--- a/tests/data/test159
+++ b/tests/data/test159
@@ -69,7 +69,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /159 HTTP/1.0
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test162 b/tests/data/test162
index c987c4a21..e0d602429 100644
--- a/tests/data/test162
+++ b/tests/data/test162
@@ -35,7 +35,7 @@ http://%HOSTIP:%HTTPPORT/162 --proxy http://%HOSTIP:%HTTPPORT --proxy-user foo:b
 </strip>
 <protocol>
 GET http://127.0.0.1:%HTTPPORT/162 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
 Host: 127.0.0.1:%HTTPPORT
 Pragma: no-cache
diff --git a/tests/data/test169 b/tests/data/test169
index 0bfd31284..42d5bb00b 100644
--- a/tests/data/test169
+++ b/tests/data/test169
@@ -87,7 +87,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAAAw
 </strippart)
 <protocol>
 GET http://data.from.server.requiring.digest.hohoho.com/169 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.3
 Host: data.from.server.requiring.digest.hohoho.com
 Pragma: no-cache
diff --git a/tests/data/test170 b/tests/data/test170
index 556b2ab2a..4b957a578 100644
--- a/tests/data/test170
+++ b/tests/data/test170
@@ -25,7 +25,7 @@ http://a.galaxy.far.far.away/170 --proxy http://%HOSTIP:%HTTPPORT --proxy-user f
 </strip>
 <protocol>
 POST http://a.galaxy.far.far.away/170 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 libidn/0.4.3
 Host: a.galaxy.far.far.away
 Pragma: no-cache
diff --git a/tests/data/test176 b/tests/data/test176
index a92c65e8d..e7ed3ecbb 100644
--- a/tests/data/test176
+++ b/tests/data/test176
@@ -56,7 +56,7 @@ http://%HOSTIP:%HTTPPORT/176 -u auser:apasswd --ntlm -d "junkelijunk"
 </strip>
 <protocol nonewline=yes>
 POST /176 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test209 b/tests/data/test209
index cffb260f0..3538d7a6e 100644
--- a/tests/data/test209
+++ b/tests/data/test209
@@ -86,7 +86,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol>
 CONNECT test.remote.server.com:209 HTTP/1.0
 Host: test.remote.server.com:209
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 
 CONNECT test.remote.server.com:209 HTTP/1.0
diff --git a/tests/data/test213 b/tests/data/test213
index 453d5d96b..79a8f77e7 100644
--- a/tests/data/test213
+++ b/tests/data/test213
@@ -86,7 +86,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol nonewline=yes>
 CONNECT test.remote.server.com:213 HTTP/1.0
 Host: test.remote.server.com:213
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 
 CONNECT test.remote.server.com:213 HTTP/1.0
diff --git a/tests/data/test239 b/tests/data/test239
index b85b34b42..7a789b600 100644
--- a/tests/data/test239
+++ b/tests/data/test239
@@ -63,7 +63,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 </strippart)
 <protocol nonewline=yes>
 POST http://%HOSTIP:%HTTPPORT/239 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
 Host: %HOSTIP:%HTTPPORT
 Pragma: no-cache
diff --git a/tests/data/test243 b/tests/data/test243
index 1be5812ae..f8ef686e7 100644
--- a/tests/data/test243
+++ b/tests/data/test243
@@ -100,7 +100,7 @@ Content-Length: 6
 Content-Type: application/x-www-form-urlencoded
 
 postitPOST http://%HOSTIP:%HTTPPORT/243 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
 Host: %HOSTIP:%HTTPPORT
 Pragma: no-cache
diff --git a/tests/data/test265 b/tests/data/test265
index 1e97d07e1..3a49bfcbc 100644
--- a/tests/data/test265
+++ b/tests/data/test265
@@ -89,7 +89,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol nonewline=yes>
 CONNECT test.remote.server.com:265 HTTP/1.0
 Host: test.remote.server.com:265
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 
 CONNECT test.remote.server.com:265 HTTP/1.0
diff --git a/tests/data/test267 b/tests/data/test267
index 0abf2372b..56d2a0a67 100644
--- a/tests/data/test267
+++ b/tests/data/test267
@@ -76,7 +76,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol nonewline=yes>
 POST /267 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test67 b/tests/data/test67
index 551b1f8df..da43a7d3a 100644
--- a/tests/data/test67
+++ b/tests/data/test67
@@ -76,7 +76,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /67 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test68 b/tests/data/test68
index b44fc1129..19215defc 100644
--- a/tests/data/test68
+++ b/tests/data/test68
@@ -78,7 +78,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /68 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test69 b/tests/data/test69
index 747596e66..333ec2c0f 100644
--- a/tests/data/test69
+++ b/tests/data/test69
@@ -96,7 +96,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 
 GET /69 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test81 b/tests/data/test81
index 99206ae7c..732f9dc6d 100644
--- a/tests/data/test81
+++ b/tests/data/test81
@@ -74,7 +74,7 @@ s/(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAA
 </strippart)
 <protocol>
 GET http://127.0.0.1:%HTTPPORT/81 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Pragma: no-cache
diff --git a/tests/data/test89 b/tests/data/test89
index 29d6db010..3ed2439db 100644
--- a/tests/data/test89
+++ b/tests/data/test89
@@ -109,7 +109,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /89 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
@@ -121,7 +121,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 
 GET /you/890010 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test90 b/tests/data/test90
index eb79462f5..df1bb6943 100644
--- a/tests/data/test90
+++ b/tests/data/test90
@@ -148,7 +148,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 
 GET /90 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
@@ -164,7 +164,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 
 GET /you/900010 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
diff --git a/tests/data/test91 b/tests/data/test91
index 4678f5f72..ad0545926 100644
--- a/tests/data/test91
+++ b/tests/data/test91
@@ -99,7 +99,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 
 GET /91 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*