I don't know enough about how libcurl handles authentication to know whether these patches are a good idea, but I have a minor comment anyway. > -----Original Message----- > From: Jeff King [mailto:peff@xxxxxxxx] > +static int curl_empty_auth_enabled(void) { > + if (curl_empty_auth < 0) { > +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY > + /* > + * In the automatic case, kick in the empty-auth > + * hack as long as we would potentially try some > + * method more exotic than "Basic". > + * > + * But only do so when this is _not_ our initial > + * request, as we would not then yet know what > + * methods are available. > + */ Eliminate double-negative: "But only do this when this is our second or subsequent request, as by then we know what methods are available."