http_negotiate: do not close connection until negotiation is completed

Fix HTTP POST using CURLAUTH_NEGOTIATE.

Closes #3275

2 files changed, 8 insertions, 1 deletions

diff --git a/lib/http.c b/lib/http.c
index 46ac15a6e..afc919b09 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -610,7 +610,6 @@ output_auth_headers(struct connectdata *conn,
     result = Curl_output_negotiate(conn, proxy);
     if(result)
       return result;
-    authstatus->done = TRUE;
     negdata->state = GSS_AUTHSENT;
   }
   else
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index ddcd65b3b..444265d11 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -49,6 +49,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
   /* Point to the correct struct with this */
   struct negotiatedata *neg_ctx;
+  struct auth *authp;
 
   if(proxy) {
     userp = conn->http_proxy.user;
@@ -57,6 +58,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
               data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
     host = conn->http_proxy.host.name;
     neg_ctx = &data->state.proxyneg;
+    authp = &conn->data->state.authproxy;
   }
   else {
     userp = conn->user;
@@ -65,6 +67,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
               data->set.str[STRING_SERVICE_NAME] : "HTTP";
     host = conn->host.name;
     neg_ctx = &data->state.negotiate;
+    authp = &conn->data->state.authhost;
   }
 
   /* Not set means empty */
@@ -95,6 +98,11 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
   if(result)
     Curl_auth_spnego_cleanup(neg_ctx);
+  else
+    /* If the status is different than 0 and we encountered no errors
+    it means we have to continue. 0 is the OK value for both GSSAPI
+    (GSS_S_COMPLETE) and SSPI (SEC_E_OK) */
+    authp->done = !neg_ctx->status;
 
   return result;
 }