From 6f86022df26243cc8a035fe8b4c89033b6a04bc0 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 30 Aug 2017 21:10:38 +0000 Subject: ntlm: use strict order for SSL backend #if branches With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848 --- lib/http_ntlm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/http_ntlm.c') diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index c110fa717..28e638e69 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -41,7 +41,9 @@ #include "vauth/vauth.h" #include "url.h" -#if defined(USE_NSS) +/* SSL backend-specific #if branches in this file must be kept in the order + documented in curl_ntlm_core. */ +#if defined(NTLM_NEEDS_NSS_INIT) #include "vtls/nssg.h" #elif defined(USE_WINDOWS_SSPI) #include "curl_sspi.h" @@ -129,7 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy) DEBUGASSERT(conn); DEBUGASSERT(conn->data); -#ifdef USE_NSS +#if defined(NTLM_NEEDS_NSS_INIT) if(CURLE_OK != Curl_nss_force_init(conn->data)) return CURLE_OUT_OF_MEMORY; #endif -- cgit v1.2.3