Bug 625676

Summary: Unable to use proxy with kerberos authentization for https
Product: [Fedora] Fedora Reporter: Ludek Finstrle <luf>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: kdudka, paul
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: curl-7.19.7-13.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 625685 (view as bug list) Environment:
Last Closed: 2010-08-26 00:57:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 625685, 989557    
Attachments:
Description Flags
patch for the problem created by curl developer none

Description Ludek Finstrle 2010-08-20 05:43:43 UTC 
Created attachment 439865 [details]
patch for the problem created by curl developer

Description of problem:
I'm unable to use curl with all https:// URLs when my proxy uses kerberos authentization:
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz
407 Proxy Auth required
when
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz
works ok.

This bug was already fixed by curl developer(s) in git. Let's see:
https://sourceforge.net/tracker/?func=detail&aid=3046066&group_id=976&atid=100976

I need fix for all supported Fedora and RHEL distributions as soon as possible.
May I add same bug report for RHEL or is this bug report enough for it?

Version-Release number of selected component (if applicable):
$ curl -V
curl 7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile SSL libz

How reproducible:
We have a squid with kerberos authentization.
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz
407 Proxy Auth required
when
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz
works ok.


Steps to Reproduce:
1. Install and setup squid with kerberos negotiation auth.
2. curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz
  
Actual results:
407 Proxy Auth required

Expected results:
Requested page.

Additional info:
This bug was already fixed by curl developer(s) in git. Let's see:
https://sourceforge.net/tracker/?func=detail&aid=3046066&group_id=976&atid=100976
There is official patch in the tracker. I attach the official patch here too.
Comment 1 Kamil Dudka 2010-08-20 06:53:08 UTC 
(In reply to comment #0)
> Created attachment 439865 [details]
> patch for the problem created by curl developer

Thanks for filing the bug.  Upstream commit:

http://github.com/bagder/curl/commit/13b8fc4

> I need fix for all supported Fedora and RHEL distributions as soon as possible.
> May I add same bug report for RHEL or is this bug report enough for it?

I'll clone the bug for RHEL-6.  RHEL-5 does not suffer from the flaw as there is no proxy support in http_negotiate at all.
Comment 2 Fedora Update System 2010-08-23 20:12:04 UTC 
curl-7.21.0-4.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/curl-7.21.0-4.fc14
Comment 3 Fedora Update System 2010-08-23 20:12:15 UTC 
curl-7.20.1-4.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/curl-7.20.1-4.fc13
Comment 4 Fedora Update System 2010-08-23 20:58:09 UTC 
curl-7.19.7-13.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/curl-7.19.7-13.fc12
Comment 5 Fedora Update System 2010-08-24 21:05:19 UTC 
curl-7.20.1-4.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update curl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/curl-7.20.1-4.fc13
Comment 6 Fedora Update System 2010-08-26 00:57:36 UTC 
curl-7.20.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2010-09-01 05:50:45 UTC 
curl-7.21.0-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2010-09-11 09:09:07 UTC 
curl-7.19.7-13.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.