From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 21 Sep 2025 21:34:37 +0000 (+0200)
Subject: socks_gssapi: remove the forced "no protection"
X-Git-Tag: rc-8_17_0-2~368
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98dae1d992aa1b048230f9d4934aefe8128b2f6c;p=thirdparty%2Fcurl.git

socks_gssapi: remove the forced "no protection"

If a protected connection is requested, don't claim to drop down to "no
protection".

Reported in Joshua's sarif data

Closes #18712
---

diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index b6530d5d7d..0aa6f7245f 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -359,8 +359,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
   infof(data, "SOCKS5 server supports GSS-API %s data protection.",
         (gss_enc == 0) ? "no" :
         ((gss_enc == 1) ? "integrity" : "confidentiality"));
-  /* force for the moment to no data protection */
-  gss_enc = 0;
+
   /*
    * Sending the encryption type in clear seems wrong. It should be
    * protected with gss_seal()/gss_wrap(). See RFC1961 extract below