diff options
author | georgeok <giorgos.n.oikonomou@gmail.com> | 2019-01-29 18:26:31 +0100 |
---|---|---|
committer | Marcel Raad <Marcel.Raad@teamviewer.com> | 2019-02-01 09:56:27 +0100 |
commit | a730432e59754df97c8985eb3094ca1cdd3e4955 (patch) | |
tree | 3e19c162afb855193a7ef4db1419a3f80b0d9392 /lib/http_negotiate.c | |
parent | 463f16d188f9e7fae2e71a6b3160d391fbe8ff18 (diff) | |
download | curl-a730432e59754df97c8985eb3094ca1cdd3e4955.tar.gz |
spnego_sspi: add support for channel binding
Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
accepts channel binding and curl doesn't utilise them. The result was a
401 response. Scope affects only the Schannel(winssl)-SSPI combination.
Fixes https://github.com/curl/curl/issues/3503
Closes https://github.com/curl/curl/pull/3509
Diffstat (limited to 'lib/http_negotiate.c')
-rw-r--r-- | lib/http_negotiate.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 4713d1bd5..2a97707eb 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -89,6 +89,11 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy, } } + /* Supports SSL channel binding for Windows ISS extended protection */ +#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS) + neg_ctx->sslContext = conn->sslContext; +#endif + /* Initialize the security context and decode our challenge */ result = Curl_auth_decode_spnego_message(data, userp, passwdp, service, host, header, neg_ctx); |