Steve, many thanks! Your thinking makes total sense to me after looking at the code. Socks5/proxy are indeed separate. I just checked our legal counsel. Unfortunately our policy does not allow me to contribute code into libcurl. I am sorry about that. It would be great if someone else can help to make this change. -Wenlong
On Wed, Feb 18, 2015 at 3:11 PM, Steve Holme <steve_ho...@hotmail.com> wrote: > On Tue, 17 Feb 2015, Wenlong Dong wrote: > > > > * I'd rather support this across all of our mechanisms that use > > > a SPN (such as Socks 5, SPNEGO, Kerberos, Digest) in each of > > > the GSS-API, SSPI and Native implementations > > > > > > * Possibly deprecate CURLOPT_SOCKS5_GSSAPI_SERVICE (I > > > would suggest a new CURLOPT_SERVICE_NAME or > > > CURLOPT_SPN, etc... option with the same value for API > > > compatibility) > > > > > > * The code has also changed quite a bit since v7.36 (The next > > > release will be 7.41) > > > > Steve, thanks a lot for the quick response! Those are great comments. > > No problem. > > > Let me try to put together a change with what you mentioned. > > Sound good - I look forward to seeing your proposed changes. > > > In that case CURLOPT_SERVICE_NAME makes more sense. For > > negotiate/Kerberos, we let the libcurl to append the host name > > to generate the SPN as <servicename>/<host>. > > Ah - right. Yes - I see your point. > > Some more random thoughts from me this evening... > > I wouldn't recommend replacing CURLOPT_SOCKS5_GSSAPI_SERVICE with > CURLOPT_SERVICE_NAME as Socks 5 is used as a proxy and a curl user / > libcurl programmer might want to set both the proxy and the protocol > service name. As such I would recommend something like: > > * libcurl - replace CURLOPT_SOCKS5_GSSAPI_SERVICE with > CURLOPT_PROXY_SERVICE_NAME as it can then be used for HTTP proxy with > Kerberos/SPNEGO/Digest and keep CURLOPT_SOCKS5_GSSAPI_SERVICE for backwards > API compatibility > * libcurl - add CURLOPT_SERVICE_NAME as new value > * curl - replace --socks5-gssapi-service with --proxy-service-name and add > --socks5-gssapi-service as an alias > * curl - add support for --service-name as a new argument > > Kind Regards > > Steve > > ------------------------------------------------------------------- > List admin: http://cool.haxx.se/list/listinfo/curl-library > Etiquette: http://curl.haxx.se/mail/etiquette.html >
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html