Created attachment 439865 [details] patch for the problem created by curl developer Description of problem: I'm unable to use curl with all https:// URLs when my proxy uses kerberos authentization: curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz 407 Proxy Auth required when curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz works ok. This bug was already fixed by curl developer(s) in git. Let's see: https://sourceforge.net/tracker/?func=detail&aid=3046066&group_id=976&atid=100976 I need fix for all supported Fedora and RHEL distributions as soon as possible. May I add same bug report for RHEL or is this bug report enough for it? Version-Release number of selected component (if applicable): $ curl -V curl 7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.6 NSS/3.12.6.2 zlib/1.2.3 libidn/1.9 libssh2/1.2.4 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile SSL libz How reproducible: We have a squid with kerberos authentization. curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz 407 Proxy Auth required when curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : http://email.seznam.cz works ok. Steps to Reproduce: 1. Install and setup squid with kerberos negotiation auth. 2. curl --proxy http://myproxy:3128 --proxy-negotiate --proxy-user : https://email.seznam.cz Actual results: 407 Proxy Auth required Expected results: Requested page. Additional info: This bug was already fixed by curl developer(s) in git. Let's see: https://sourceforge.net/tracker/?func=detail&aid=3046066&group_id=976&atid=100976 There is official patch in the tracker. I attach the official patch here too.
(In reply to comment #0) > Created attachment 439865 [details] > patch for the problem created by curl developer Thanks for filing the bug. Upstream commit: http://github.com/bagder/curl/commit/13b8fc4 > I need fix for all supported Fedora and RHEL distributions as soon as possible. > May I add same bug report for RHEL or is this bug report enough for it? I'll clone the bug for RHEL-6. RHEL-5 does not suffer from the flaw as there is no proxy support in http_negotiate at all.
curl-7.21.0-4.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/curl-7.21.0-4.fc14
curl-7.20.1-4.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/curl-7.20.1-4.fc13
curl-7.19.7-13.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/curl-7.19.7-13.fc12
curl-7.20.1-4.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update curl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/curl-7.20.1-4.fc13
curl-7.20.1-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
curl-7.21.0-4.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
curl-7.19.7-13.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.