NTLM2 session response support

2006-06-07 14:14:04 +00:00 · 2006-06-07 14:14:04 +00:00 · 2bd3033f68
commit 2bd3033f68
parent fe105a07e3
25 changed files with 107 additions and 43 deletions
--- a/4
+++ b/4
@ -6,6 +6,10 @@
                                  Changelog
 Daniel (7 June 2006)
 - Mikael Sennerholm provided a patch that added NTLM2 session response support
  to libcurl. The 21 NTLM test cases were again modified to comply...
 Daniel (27 May 2006)
 - Óscar Morales Vivó updated the libcurl.framework.make file.
--- a/17
+++ b/17
@ -5,12 +5,13 @@ Curl and libcurl 7.15.4
 Available command line options:           112
 Available curl_easy_setopt() options:     132
 Number of public functions in libcurl:    49
- Amount of public web site mirrors:        32
+ Amount of public web site mirrors:        33
 Number of known libcurl bindings:         32
 Number of contributors:                   492
 This release includes the following changes:
 o NTLM2 session response support
 o CURLOPT_COOKIELIST set to "SESS" clears all session cookies
 o CURLINFO_LASTSOCKET returned sockets are now checked more before returned
 o curl-config got a --checkfor option to compare version numbers
@ -46,13 +47,17 @@ This release includes the following bugfixes:
 o TFTP transfers could trash data
 o -d + -G combo crash
-Other curl-related news since the previous public release:
+Other curl-related news:
 o http://curl.de-mirror.de/ is a new mirror in Aachen, Germany
 o http://curl.osmirror.nl/ is a new mirror in Amsterdam, the Netherlands
 o tclcurl 0.15.3 was released:
   http://personal1.iddeo.es/andresgarci/tclcurl/english/
- o http://curl.usphp.com/ is a new mirror in Florida, US
+
 New curl mirrors:
 o http://curl.webdesign-zdg.de/ in Frankfurt, Germany
 o http://curl.de-mirror.de/ in Aachen, Germany
 o http://curl.osmirror.nl/ in Amsterdam, the Netherlands
 o http://curl.usphp.com/ in Florida, US
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
@ -60,6 +65,6 @@ advice from friends like these:
 Dan Fandrich, Ilja van Sprundel, David McCreedy, Tor Arntsen, Xavier Bouchoux,
 David Byron, Michele Bini, Ates Goral, Katie Wang, Robson Braga Araujo,
 Ale Vesely, Paul Querna, Gisle Vanem, Mark Eichin, Roland Blom, Andreas
- Ntaflos, David Shaw, Michael Wallner, Olaf Stüben
+ Ntaflos, David Shaw, Michael Wallner, Olaf Stüben, Mikael Sennerholm
        Thanks! (and sorry if I forgot to mention someone)
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@ -51,6 +51,7 @@
 #include "http_ntlm.h"
 #include "url.h"
 #include "memory.h"
 #include "ssluse.h"
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@ -59,7 +60,9 @@
 #include <openssl/des.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #if OPENSSL_VERSION_NUMBER < 0x00907001L
 #define DES_key_schedule des_key_schedule
@ -94,6 +97,10 @@ static PSecurityFunctionTable s_pSecFn = NULL;
 /* Define this to make the type-3 message include the NT response message */
 #define USE_NTRESPONSES 1
 /* Define this to make the type-3 message include the NTLM2Session response
   message, requires USE_NTRESPONSES. */
 #define USE_NTLM2SESSION 1
 #ifndef USE_WINDOWS_SSPI
 /* this function converts from the little endian format used in the incoming
   package to whatever endian format we're using natively */
@ -630,7 +637,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
    32    start of data block
    */
-
+#if USE_NTLM2SESSION
 #define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
 #else
 #define NTLM2FLAG 0
 #endif
    snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
             "\x01%c%c%c" /* 32-bit type = 1 */
             "%c%c%c%c"   /* 32-bit NTLM flag field */
@ -651,6 +662,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
               NTLMFLAG_NEGOTIATE_OEM|
               NTLMFLAG_REQUEST_TARGET|
               NTLMFLAG_NEGOTIATE_NTLM_KEY|
               NTLM2FLAG|
               NTLMFLAG_NEGOTIATE_ALWAYS_SIGN
               ),
             SHORTPAIR(domlen),
@ -672,15 +684,18 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
              LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM|
                          NTLMFLAG_REQUEST_TARGET|
                          NTLMFLAG_NEGOTIATE_NTLM_KEY|
                          NTLM2FLAG|
                          NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
              NTLMFLAG_NEGOTIATE_OEM|
              NTLMFLAG_REQUEST_TARGET|
              NTLMFLAG_NEGOTIATE_NTLM_KEY|
              NTLM2FLAG|
              NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
      print_flags(stderr,
                  NTLMFLAG_NEGOTIATE_OEM|
                  NTLMFLAG_REQUEST_TARGET|
                  NTLMFLAG_NEGOTIATE_NTLM_KEY|
                  NTLM2FLAG|
                  NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
      fprintf(stderr, "\n****\n");
    });
@ -786,7 +801,41 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
      hostlen = strlen(host);
    }
-    {
+#if USE_NTLM2SESSION
    /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
    if (ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
      unsigned char ntbuffer[0x18];
      unsigned char tmp[0x18];
      unsigned char md5sum[MD5_DIGEST_LENGTH];
      MD5_CTX MD5;
      unsigned char random[8];
      /* Need to create 8 bytes random data */
      Curl_ossl_seed(conn->data); /* Initiate the seed if not already done */
      RAND_bytes(random,8);
      /* 8 bytes random data as challenge in lmresp */
      memcpy(lmresp,random,8);
      /* Pad with zeros */
      memset(lmresp+8,0,0x10);
      /* Fill tmp with challenge(nonce?) + random */
      memcpy(tmp,&ntlm->nonce[0],8);
      memcpy(tmp+8,random,8);
      MD5_Init(&MD5);
      MD5_Update(&MD5, tmp, 16);
      MD5_Final(md5sum, &MD5);
      /* We shall only use the first 8 bytes of md5sum,
         but the des code in lm_resp only encrypt the first 8 bytes */
      mk_nt_hash(passwdp, ntbuffer);
      lm_resp(ntbuffer, md5sum, ntresp);
      /* End of NTLM2 Session code */
    }
    else {
 #endif
 #if USE_NTRESPONSES
      unsigned char ntbuffer[0x18];
 #endif
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -169,8 +169,7 @@ static bool rand_enough(int nread)
 }
 #endif
-static
+static int ossl_seed(struct SessionHandle *data)
 int random_the_seed(struct SessionHandle *data)
 {
  char *buf = data->state.buffer; /* point to the big buffer */
  int nread=0;
@ -259,6 +258,20 @@ int random_the_seed(struct SessionHandle *data)
  return nread;
 }
 int Curl_ossl_seed(struct SessionHandle *data)
 {
  /* we have the "SSL is seeded" boolean static to prevent multiple
     time-consuming seedings in vain */
  static bool ssl_seeded = FALSE;
  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
    ossl_seed(data);
    ssl_seeded = TRUE;
  }
  return 0;
 }
 #ifndef SSL_FILETYPE_ENGINE
 #define SSL_FILETYPE_ENGINE 42
 #endif
@ -531,9 +544,6 @@ static char *SSL_strerror(unsigned long error, char *buf, size_t size)
  return (buf);
 }
 /* we have the "SSL is seeded" boolean global for the application to
   prevent multiple time-consuming seedings in vain */
 static bool ssl_seeded = FALSE;
 #endif /* USE_SSLEAY */
 #ifdef USE_SSLEAY
@ -1166,12 +1176,8 @@ Curl_ossl_connect_step1(struct connectdata *conn,
  curlassert(ssl_connect_1 == connssl->connecting_state);
-  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
+  /* Make funny stuff to get random input */
-    /* Make funny stuff to get random input */
+  Curl_ossl_seed(data);
    random_the_seed(data);
    ssl_seeded = TRUE;
  }
  /* check to see if we've been told to use an explicit SSL/TLS version */
  switch(data->set.ssl.version) {
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -63,7 +63,7 @@ ssize_t Curl_ossl_recv(struct connectdata *conn, /* connection data */
                       bool *wouldblock);
 size_t Curl_ossl_version(char *buffer, size_t size);
 int Curl_ossl_check_cxn(struct connectdata *cxn);
 int Curl_ossl_seed(struct SessionHandle *data);
 #endif
--- a/tests/data/test150
+++ b/tests/data/test150
@ -69,7 +69,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /150 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test155
+++ b/tests/data/test155
@ -101,7 +101,7 @@ Content-Length: 85
 Expect: 100-continue
 PUT /155 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 Content-Length: 0
--- a/tests/data/test159
+++ b/tests/data/test159
@ -69,7 +69,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /159 HTTP/1.0
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test162
+++ b/tests/data/test162
@ -35,7 +35,7 @@ http://%HOSTIP:%HTTPPORT/162 --proxy http://%HOSTIP:%HTTPPORT --proxy-user foo:b
 </strip>
 <protocol>
 GET http://127.0.0.1:%HTTPPORT/162 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.8.1-pre3 (sparc-sun-solaris2.7) libcurl 7.8.1-pre3 (OpenSSL 0.9.6a) (krb4 enabled)
 Host: 127.0.0.1:%HTTPPORT
 Pragma: no-cache
--- a/tests/data/test169
+++ b/tests/data/test169
@ -87,7 +87,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAAAw
 </strippart)
 <protocol>
 GET http://data.from.server.requiring.digest.hohoho.com/169 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.3
 Host: data.from.server.requiring.digest.hohoho.com
 Pragma: no-cache
--- a/tests/data/test170
+++ b/tests/data/test170
@ -25,7 +25,7 @@ http://a.galaxy.far.far.away/170 --proxy http://%HOSTIP:%HTTPPORT --proxy-user f
 </strip>
 <protocol>
 POST http://a.galaxy.far.far.away/170 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.0-CVS (i686-pc-linux-gnu) libcurl/7.12.0-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 libidn/0.4.3
 Host: a.galaxy.far.far.away
 Pragma: no-cache
--- a/tests/data/test176
+++ b/tests/data/test176
@ -56,7 +56,7 @@ http://%HOSTIP:%HTTPPORT/176 -u auser:apasswd --ntlm -d "junkelijunk"
 </strip>
 <protocol nonewline=yes>
 POST /176 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test209
+++ b/tests/data/test209
@ -86,7 +86,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol>
 CONNECT test.remote.server.com:209 HTTP/1.0
 Host: test.remote.server.com:209
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 CONNECT test.remote.server.com:209 HTTP/1.0
--- a/tests/data/test213
+++ b/tests/data/test213
@ -86,7 +86,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol nonewline=yes>
 CONNECT test.remote.server.com:213 HTTP/1.0
 Host: test.remote.server.com:213
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 CONNECT test.remote.server.com:213 HTTP/1.0
--- a/tests/data/test239
+++ b/tests/data/test239
@ -63,7 +63,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 </strippart)
 <protocol nonewline=yes>
 POST http://%HOSTIP:%HTTPPORT/239 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
 Host: %HOSTIP:%HTTPPORT
 Pragma: no-cache
--- a/tests/data/test243
+++ b/tests/data/test243
@ -100,7 +100,7 @@ Content-Length: 6
 Content-Type: application/x-www-form-urlencoded
 postitPOST http://%HOSTIP:%HTTPPORT/243 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.13.2-CVS (i686-pc-linux-gnu) libcurl/7.13.2-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
 Host: %HOSTIP:%HTTPPORT
 Pragma: no-cache
--- a/tests/data/test265
+++ b/tests/data/test265
@ -89,7 +89,7 @@ s/^(Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABQ
 <protocol nonewline=yes>
 CONNECT test.remote.server.com:265 HTTP/1.0
 Host: test.remote.server.com:265
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 Proxy-Connection: Keep-Alive
 CONNECT test.remote.server.com:265 HTTP/1.0
--- a/tests/data/test267
+++ b/tests/data/test267
@ -76,7 +76,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol nonewline=yes>
 POST /267 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test67
+++ b/tests/data/test67
@ -76,7 +76,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /67 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test68
+++ b/tests/data/test68
@ -78,7 +78,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /68 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test69
+++ b/tests/data/test69
@ -96,7 +96,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 GET /69 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test81
+++ b/tests/data/test81
@ -74,7 +74,7 @@ s/(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAA
 </strippart)
 <protocol>
 GET http://127.0.0.1:%HTTPPORT/81 HTTP/1.1
-Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Pragma: no-cache
--- a/tests/data/test89
+++ b/tests/data/test89
@ -109,7 +109,7 @@ s/^(Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAA
 </strippart)
 <protocol>
 GET /89 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
@ -121,7 +121,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 GET /you/890010 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test90
+++ b/tests/data/test90
@ -148,7 +148,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 GET /90 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
@ -164,7 +164,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 GET /you/900010 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.8-pre1 (i686-pc-linux-gnu) libcurl/7.10.8-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3 GSS
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*
--- a/tests/data/test91
+++ b/tests/data/test91
@ -99,7 +99,7 @@ Host: 127.0.0.1:%HTTPPORT
 Accept: */*
 GET /91 HTTP/1.1
-Authorization: NTLM TlRMTVNTUAABAAAABoIAAAAAAAAAAAAAAAAAAAAAAAA=
+Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
 User-Agent: curl/7.10.6-pre1 (i686-pc-linux-gnu) libcurl/7.10.6-pre1 OpenSSL/0.9.7a ipv6 zlib/1.1.3
 Host: 127.0.0.1:%HTTPPORT
 Accept: */*