On Thu, Mar 28, 2024 at 09:54:06AM -0400, Jason Qian via openssl-users wrote:
> We are running C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients are in
> C#, Java and C++;
> All clients work fine, but when using C++ client, the server receives a
> large amount of Authorization information along with application data.
> (C#, Java client are not sending those information)
>
> GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1
> Host: somehost .dev.xx.com:27159
> *Authorization: Negotiate
> YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......*
>
> The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n.
It looks like CURL supports SPENEGO (GSSAPI) authentication, and
presents a suitable token to the server. The other clients might
not include SPENEGO support. Per the previous reply, this is
an HTTP not an OpenSSL issue.
--
Viktor.
