Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes: > On Wed, 22 Feb 2017, Jeff King wrote: >> This patch drops the useless probe request: > ... >> but setting http.emptyauth adds back in the useless request. I think >> that could be fixed by skipping the empty-auth thing when >> http_auth_methods does not have CURLAUTH_NEGOTIATE in it (or perhaps >> other methods need it to, so maybe skip it if _just_ BASIC is set). >> >> I suspect the patch above could probably be generalized as: >> >> /* cut out methods we know the server doesn't support */ >> http_auth_methods &= results.auth_avail; >> >> and let curl figure it out from there. > > Maybe this patch (or a variation thereof) would also be able to fix this > problem with the patch: > > https://github.com/git-for-windows/git/issues/1034 > > Short version: for certain servers (that do *not* advertise Negotiate), > setting emptyauth to true will result in a failed fetch, without letting > the user type in their credentials. The issue described in that page looks rather serious. I believe that a "variation" has become the first part of a two-patch series that appear in the downthread from here. Perhaps you can ask them to test it out (or even better if you have a setup you can easily test against yourself)?