spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination. Fixes https://github.com/curl/curl/issues/3503 Closes https://github.com/curl/curl/pull/3509
author: georgeok <giorgos.n.oikonomou@gmail.com> 2019-01-29 18:26:31 +0100
committer: Marcel Raad <Marcel.Raad@teamviewer.com> 2019-02-01 09:56:27 +0100
commit: a730432e59754df97c8985eb3094ca1cdd3e4955 (patch)
tree: 3e19c162afb855193a7ef4db1419a3f80b0d9392 /lib/urldata.h
parent: 463f16d188f9e7fae2e71a6b3160d391fbe8ff18 (diff)
download: curl-a730432e59754df97c8985eb3094ca1cdd3e4955.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/urldata.h b/lib/urldata.h
index b71a843b4..ff3cc9a65 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -364,6 +364,9 @@ struct negotiatedata {
   gss_buffer_desc output_token;
 #else
 #ifdef USE_WINDOWS_SSPI
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+  CtxtHandle *sslContext;
+#endif
   DWORD status;
   CredHandle *credentials;
   CtxtHandle *context;
@@ -980,6 +983,9 @@ struct connectdata {
   void *seek_client;            /* pointer to pass to the seek() above */
 
   /*************** Request - specific items ************/
+#if defined(USE_WINDOWS_SSPI) && defined(SECPKG_ATTR_ENDPOINT_BINDINGS)
+  CtxtHandle *sslContext;
+#endif
 
 #if defined(USE_NTLM)
   struct ntlmdata ntlm;     /* NTLM differs from other authentication schemes
author	georgeok <giorgos.n.oikonomou@gmail.com>	2019-01-29 18:26:31 +0100
committer	Marcel Raad <Marcel.Raad@teamviewer.com>	2019-02-01 09:56:27 +0100
commit	a730432e59754df97c8985eb3094ca1cdd3e4955 (patch)
tree	3e19c162afb855193a7ef4db1419a3f80b0d9392 /lib/urldata.h
parent	463f16d188f9e7fae2e71a6b3160d391fbe8ff18 (diff)
download	curl-a730432e59754df97c8985eb3094ca1cdd3e4955.tar.gz