NTLM: force the connection to HTTP/1.1
Resolves: RHEL-73788
This commit is contained in:
Jacek Migacz
parent
9e21b99285
commit
b61096d4ba
42
0067-curl-7.61.1-ntlm-force-http-1-1.patch
Normal file
42
0067-curl-7.61.1-ntlm-force-http-1-1.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From cbea2fd2c74feabeb6f13b3e3df243b225b3b3ab Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
Date: Thu, 6 Dec 2018 17:26:13 +0100
|
||||
Subject: [PATCH] NTLM: force the connection to HTTP/1.1
|
||||
|
||||
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
|
||||
the capability. However, NTLM authentication only works with HTTP/1.1,
|
||||
and will likely remain in that boat (for details, see
|
||||
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
|
||||
|
||||
When we just found out that we want to use NTLM, and when the current
|
||||
connection runs in HTTP/2 mode, let's force the connection to be closed
|
||||
and to be re-opened using HTTP/1.1.
|
||||
|
||||
Fixes https://github.com/curl/curl/issues/3341.
|
||||
Closes #3345
|
||||
|
||||
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
---
|
||||
lib/http.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/lib/http.c b/lib/http.c
|
||||
index aed7aa80f..7be6f8b92 100644
|
||||
--- a/lib/http.c
|
||||
+++ b/lib/http.c
|
||||
@@ -526,6 +526,12 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
||||
pickhost = pickoneauth(&data->state.authhost, authmask);
|
||||
if(!pickhost)
|
||||
data->state.authproblem = TRUE;
|
||||
+ if(data->state.authhost.picked == CURLAUTH_NTLM &&
|
||||
+ conn->httpversion > 11) {
|
||||
+ infof(data, "Forcing HTTP/1.1 for NTLM");
|
||||
+ connclose(conn, "Force HTTP/1.1 connection");
|
||||
+ conn->data->set.httpversion = CURL_HTTP_VERSION_1_1;
|
||||
+ }
|
||||
}
|
||||
if(conn->bits.proxy_user_passwd &&
|
||||
((data->req.httpcode == 407) ||
|
||||
--
|
||||
2.50.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.61.1
|
||||
Release: 34%{?dist}.7
|
||||
Release: 34%{?dist}.8
|
||||
License: MIT
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -193,6 +193,9 @@ Patch65: 0065-md5-hex-key.patch
|
||||
# crypto: ensure crypto initialization works
|
||||
Patch66: 0066-crypto-initialization.patch
|
||||
|
||||
# NTLM: force the connection to HTTP/1.1
|
||||
Patch67: 0067-curl-7.61.1-ntlm-force-http-1-1.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -432,6 +435,7 @@ git apply %{PATCH52}
|
||||
%patch -P 64 -p1
|
||||
%patch -P 65 -p1
|
||||
%patch -P 66 -p1
|
||||
%patch -P 67 -p1
|
||||
|
||||
# make tests/*.py use Python 3
|
||||
sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
|
||||
@ -594,6 +598,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Mon Jul 21 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.8
|
||||
- NTLM: force the connection to HTTP/1.1 (RHEL-73788)
|
||||
|
||||
* Wed Jul 09 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.7
|
||||
* crypto: ensure crypto initialization works (RHEL-102601)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user