From 8924f58c370afa756fc4fd13916dfdea91d21b21 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Thu, 27 Apr 2017 15:18:49 +0200 Subject: CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454 --- include/curl/curl.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/curl/curl.h b/include/curl/curl.h index 0b741e82d..82fb8aeb8 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -677,6 +677,8 @@ typedef enum { #define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2) /* Deprecated since the advent of CURLAUTH_NEGOTIATE */ #define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE +/* Used for CURLOPT_SOCKS5_AUTH to stay terminologically correct */ +#define CURLAUTH_GSSAPI CURLAUTH_NEGOTIATE #define CURLAUTH_NTLM (((unsigned long)1)<<3) #define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) #define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) @@ -1783,6 +1785,9 @@ typedef enum { /* The request target, instead of extracted from the URL */ CINIT(REQUEST_TARGET, STRINGPOINT, 266), + /* bitmask of allowed auth methods for connections to SOCKS5 proxies */ + CINIT(SOCKS5_AUTH, LONG, 267), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; -- cgit v1.2.3