http: avoid auth failure on a duplicated header

... 'WWW-Authenticate: Negotiate' received from server Reported by: David Woodhouse Bug: https://bugzilla.redhat.com/1093348
2014-05-05 14:49:30 +02:00 · 2014-05-05 14:49:30 +02:00 · ec5fde24de
commit ec5fde24de
parent 1343756742
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@ -64,6 +64,7 @@ This release includes the following bugfixes:
 o curl_multi_cleanup: ignore SIGPIPE better [13]
 o schannel: don't use the connect-timeout during send [14]
 o mprintf: allow %.s with data not being zero terminated
+ o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15]

 This release includes the following known bugs:

@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
 [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html
 [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242
 [14] = http://curl.haxx.se/bug/view.cgi?id=1352
+ [15] = https://bugzilla.redhat.com/1093348
--- a/lib/http.c
+++ b/lib/http.c
@ -780,7 +780,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
          infof(data, "Authentication problem. Ignoring this.\n");
          data->state.authproblem = TRUE;
        }
-        else {
+        else if(data->state.negotiate.state == GSS_AUTHNONE) {
          neg = Curl_input_negotiate(conn, proxy, auth);
          if(neg == 0) {
            DEBUGASSERT(!data->req.newurl);