krb5: Fixed missing client response when mutual authentication enabled

Although mutual authentication is currently turned off and can only be
enabled by changing libcurl source code, authentication using Kerberos
5 has been broken since commit 79543caf90 in this use case.

diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index 18c6dbb46f43f6fce63d1f2756c8eaad74808c17..888a279c62335911fb9976fe48b6e952682eadb2 100644 (file)
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -163,6 +163,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
 
     gss_release_buffer(&unused_status, &output_token);
   }
+  else if(mutual_auth) {
+    *outptr = strdup("");
+    if(!*outptr)
+      result = CURLE_OUT_OF_MEMORY;
+  }
 
   return result;
 }

diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index ee80daee058a1928ace01bb159710fde14a6946e..605933197b65a82ac859778353f930fdfb389cc7 100644 (file)
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -212,6 +212,11 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data,
     result = Curl_base64_encode(data, (char *) resp_buf.pvBuffer,
                                 resp_buf.cbBuffer, outptr, outlen);
   }
+  else if(mutual_auth) {
+    *outptr = strdup("");
+    if(!*outptr)
+      result = CURLE_OUT_OF_MEMORY;
+  }
 
   /* Free the decoded challenge */
   free(chlg);