From 0d560d00faaa6fa3ff3918d82c8fbd551452d17e Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Thu, 9 Oct 2025 17:15:02 +0200
Subject: [PATCH] kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002)
 versions

curl requires 1.2.4 or newer.

Also:
- vms: stop defining `gss_nt_service_name`. Added in
  f9cf3de70b3a494f627eda6cccf6607616eaf449, symbol not used in curl code
  since 355bf01c828af16c47ab52bccb9ade769f8bf158.

Closes #18978
---
 CMakeLists.txt                              | 28 +--------------------
 configure.ac                                | 23 -----------------
 docs/INSTALL-CMAKE.md                       |  1 -
 lib/curl_config.h.cmake                     |  3 ---
 lib/curl_gssapi.h                           |  6 -----
 packages/vms/generate_config_vms_h_curl.com |  5 ----
 6 files changed, 1 insertion(+), 65 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f711dff04a..d1c8fa32c5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1445,34 +1445,8 @@ if(CURL_USE_GSSAPI)
     else()  # MIT
       cmake_push_check_state()
       list(APPEND CMAKE_REQUIRED_INCLUDES "${GSS_INCLUDE_DIRS}")
-
-      set(_include_list "")
-
       check_include_file("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H)
-      if(HAVE_GSSAPI_GSSAPI_H)
-        list(APPEND _include_list "gssapi/gssapi.h")
-      endif()
-
-      check_include_files("${_include_list};gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
-      check_include_files("${_include_list};gssapi/gssapi_krb5.h" _have_gssapi_gssapi_krb5_h)
-      if(HAVE_GSSAPI_GSSAPI_GENERIC_H)
-        list(APPEND _include_list "gssapi/gssapi_generic.h")
-      endif()
-      if(_have_gssapi_gssapi_krb5_h)
-        list(APPEND _include_list "gssapi/gssapi_krb5.h")
-      endif()
-
-      if(NOT DEFINED HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-        string(APPEND CMAKE_REQUIRED_FLAGS " ${GSS_CFLAGS}")
-        list(APPEND CMAKE_REQUIRED_LIBRARIES "${GSS_LIBRARIES}")
-        curl_required_libpaths("${GSS_LIBRARY_DIRS}")
-        check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" "${_include_list}" HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-      endif()
-      if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-        set(HAVE_OLD_GSSMIT ON)
-      endif()
-
-      unset(_include_list)
+      check_include_file("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
       cmake_pop_check_state()
     endif()
   else()
diff --git a/configure.ac b/configure.ac
index c76be65e96..c8843b5b46 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1855,29 +1855,6 @@ if test x"$want_gss" = xyes; then
       if test "x$not_mit" = "x1"; then
         dnl MIT not found
         AC_MSG_ERROR([MIT or GNU GSS library required, but not found])
-      else
-        dnl MIT found
-        dnl check if we have a really old MIT Kerberos version (<= 1.2)
-        AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE])
-        AC_COMPILE_IFELSE([
-          AC_LANG_PROGRAM([[
-            #include <gssapi/gssapi.h>
-            #include <gssapi/gssapi_generic.h>
-            #include <gssapi/gssapi_krb5.h>
-          ]],[[
-            gss_import_name(
-                            (OM_uint32 *)0,
-                            (gss_buffer_t)0,
-                            GSS_C_NT_HOSTBASED_SERVICE,
-                            (gss_name_t *)0);
-          ]])
-        ],[
-          AC_MSG_RESULT([yes])
-        ],[
-          AC_MSG_RESULT([no])
-          AC_DEFINE(HAVE_OLD_GSSMIT, 1,
-            [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE])
-        ])
       fi
     ]
   )
diff --git a/docs/INSTALL-CMAKE.md b/docs/INSTALL-CMAKE.md
index 46215747e7..e5c6b0d375 100644
--- a/docs/INSTALL-CMAKE.md
+++ b/docs/INSTALL-CMAKE.md
@@ -474,7 +474,6 @@ the parent project, ideally in the "extra" find package redirect file:
 Available variables:
 
 - `HAVE_GNUTLS_SRP`:                        `gnutls_srp_verifier` present in GnuTLS.
-- `HAVE_GSS_C_NT_HOSTBASED_SERVICE`:        `GSS_C_NT_HOSTBASED_SERVICE` present in GSS/Kerberos.
 - `HAVE_LDAP_INIT_FD`:                      `ldap_init_fd` present in LDAP library.
 - `HAVE_LDAP_URL_PARSE`:                    `ldap_url_parse` present in LDAP library.
 - `HAVE_OPENSSL_SRP`:                       `SSL_CTX_set_srp_username` present in OpenSSL (or fork).
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 521a439eef..9f37bbb6e2 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -421,9 +421,6 @@
 /* Define to 1 if you have the <net/if.h> header file. */
 #cmakedefine HAVE_NET_IF_H 1
 
-/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE */
-#cmakedefine HAVE_OLD_GSSMIT 1
-
 /* Define to 1 if you have the `pipe' function. */
 #cmakedefine HAVE_PIPE 1
 
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index 2659f23460..6df7e059d3 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -51,12 +51,6 @@ OM_uint32 Curl_gss_delete_sec_context(OM_uint32 *min,
 void Curl_gss_log_error(struct Curl_easy *data, const char *prefix,
                         OM_uint32 major, OM_uint32 minor);
 
-/* Provide some definitions missing in old headers */
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
-
 /* Define our privacy and integrity protection values */
 #define GSSAUTH_P_NONE      1
 #define GSSAUTH_P_INTEGRITY 2
diff --git a/packages/vms/generate_config_vms_h_curl.com b/packages/vms/generate_config_vms_h_curl.com
index 271ac60869..d7bc8bfc8f 100644
--- a/packages/vms/generate_config_vms_h_curl.com
+++ b/packages/vms/generate_config_vms_h_curl.com
@@ -337,11 +337,6 @@ $write cvh "#ifdef USE_UNIX_SOCKETS"
 $write cvh "#undef USE_UNIX_SOCKETS"
 $write cvh "#endif"
 $!
-$write cvh "#ifndef HAVE_OLD_GSSMIT"
-$write cvh "#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE"
-$write cvh "#endif"
-$!
-$!
 $! Note:
 $! The CURL_EXTERN_SYMBOL is used for platforms that need the compiler
 $! to know about universal symbols.  VMS does not need this support so
-- 
2.47.3