On Fri, Apr 15, 2016 at 06:43:35PM -0400, Jeff King wrote:
> Hmm. Looks like we already pull this out of the curl result for other
> reasons, but we never feed it back in to the next request. So if I do
> this:
>
> diff --git a/http.c b/http.c
> index 9bedad7..add9bf2 100644
> --- a/http.c
> +++ b/http.c
> @@ -1132,6 +1132,8 @@ static int handle_curl_result(struct slot_results *results)
> return HTTP_NOAUTH;
> } else {
> #ifdef LIBCURL_CAN_HANDLE_AUTH_ANY
> + if (results->auth_avail)
> + http_auth_methods = results->auth_avail;
> http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE;
> #endif
> return HTTP_REAUTH;
>
> that drops my test case down to two requests: once to find out that we
> need auth via the 401, and then we feed curl sufficient information to
> do the followup in a single request (the GSSNEGOTIATE thing there is a
> hack from 4dbe664, which we can ignore for now).
>
> Interestingly, curl _does_ reuse the connection this time. I'm still not
> sure why it didn't in the original case. But this means the whole thing
> is happening over a single TCP session, which is good (and I didn't have
> to change my config at all).
This looks fine from my point of view. GSS-Negotiate and Digest are
going to require at least one round-trip because they need the token or
nonce to authenticate. Basic shouldn't, though.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature