diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2018-12-06 17:26:13 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2018-12-07 13:03:21 +0100 |
| commit | cbea2fd2c74feabeb6f13b3e3df243b225b3b3ab (patch) | |
| tree | 366fd339ba8838c81584ab4589b1c74a6d7413ed | |
| parent | 2456152069a8f471c63fb2de07322bdd0c29e533 (diff) | |
| download | curl-cbea2fd2c74feabeb6f13b3e3df243b225b3b3ab.tar.gz | |
NTLM: force the connection to HTTP/1.1
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
the capability. However, NTLM authentication only works with HTTP/1.1,
and will likely remain in that boat (for details, see
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
When we just found out that we want to use NTLM, and when the current
connection runs in HTTP/2 mode, let's force the connection to be closed
and to be re-opened using HTTP/1.1.
Fixes https://github.com/curl/curl/issues/3341.
Closes #3345
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
| -rw-r--r-- | lib/http.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/http.c b/lib/http.c index aed7aa80f..7be6f8b92 100644 --- a/lib/http.c +++ b/lib/http.c @@ -526,6 +526,12 @@ CURLcode Curl_http_auth_act(struct connectdata *conn) pickhost = pickoneauth(&data->state.authhost, authmask); if(!pickhost) data->state.authproblem = TRUE; + if(data->state.authhost.picked == CURLAUTH_NTLM && + conn->httpversion > 11) { + infof(data, "Forcing HTTP/1.1 for NTLM"); + connclose(conn, "Force HTTP/1.1 connection"); + conn->data->set.httpversion = CURL_HTTP_VERSION_1_1; + } } if(conn->bits.proxy_user_passwd && ((data->req.httpcode == 407) || |