Bug 989557

Summary: Unable to use proxy with kerberos authentication for https
Product: Red Hat Enterprise Linux 5 Reporter: Aleš Mareček <amarecek>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: high    
Version: 5.9CC: amarecek, kdudka, luf, mhusnain, mvadkert, ovasik, paul
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 625685 Environment:
Last Closed: 2013-08-09 12:15:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 625676, 625685    
Bug Blocks: 657396    

Description Aleš Mareček 2013-07-29 14:19:23 UTC 
+++ This bug was initially created as a clone of Bug #625685 +++

+++ This bug was initially created as a clone of Bug #625676 +++

Description of problem:
I'm unable to use curl with all https:// URLs when my proxy uses kerberos authentization:
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz
407 Proxy Auth required
when
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz
works ok.

This bug was already fixed by curl developer(s) in git. Let's see:
https://sourceforge.net/tracker/?func=detail&aid=3046066&group_id=976&atid=100976

I need fix for all supported Fedora and RHEL distributions as soon as possible.
May I add same bug report for RHEL or is this bug report enough for it?

Version-Release number of selected component (if applicable):
$ curl -V
curl 7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile SSL libz

How reproducible:
We have a squid with kerberos authentization.
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz
407 Proxy Auth required
when
curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz
works ok.


Steps to Reproduce:
1. Install and setup squid with kerberos negotiation auth.
2. curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz