On Tue, 17 Feb 2015, Wenlong Dong wrote: > > * I'd rather support this across all of our mechanisms that use > > a SPN (such as Socks 5, SPNEGO, Kerberos, Digest) in each of > > the GSS-API, SSPI and Native implementations > > > > * Possibly deprecate CURLOPT_SOCKS5_GSSAPI_SERVICE (I > > would suggest a new CURLOPT_SERVICE_NAME or > > CURLOPT_SPN, etc... option with the same value for API > > compatibility) > > > > * The code has also changed quite a bit since v7.36 (The next > > release will be 7.41) > > Steve, thanks a lot for the quick response! Those are great comments.
No problem. > Let me try to put together a change with what you mentioned. Sound good - I look forward to seeing your proposed changes. > In that case CURLOPT_SERVICE_NAME makes more sense. For > negotiate/Kerberos, we let the libcurl to append the host name > to generate the SPN as <servicename>/<host>. Ah - right. Yes - I see your point. Some more random thoughts from me this evening... I wouldn't recommend replacing CURLOPT_SOCKS5_GSSAPI_SERVICE with CURLOPT_SERVICE_NAME as Socks 5 is used as a proxy and a curl user / libcurl programmer might want to set both the proxy and the protocol service name. As such I would recommend something like: * libcurl - replace CURLOPT_SOCKS5_GSSAPI_SERVICE with CURLOPT_PROXY_SERVICE_NAME as it can then be used for HTTP proxy with Kerberos/SPNEGO/Digest and keep CURLOPT_SOCKS5_GSSAPI_SERVICE for backwards API compatibility * libcurl - add CURLOPT_SERVICE_NAME as new value * curl - replace --socks5-gssapi-service with --proxy-service-name and add --socks5-gssapi-service as an alias * curl - add support for --service-name as a new argument Kind Regards Steve ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html