build: make NTLM disabled by default
authorDaniel Stenberg <daniel@haxx.se>
Sat, 21 Mar 2026 11:30:31 +0000 (12:30 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 21 Mar 2026 14:30:03 +0000 (15:30 +0100)
NTLM has weak security and does not work over HTTP/2 or HTTP/3.

Enable in cmake or configure to get support for it.

Closes #20698

.github/workflows/macos.yml
CMakeLists.txt
configure.ac
docs/CURL-DISABLE.md
docs/INSTALL-CMAKE.md
lib/curl_config-cmake.h.in
lib/curl_setup.h
projects/vms/generate_config_vms_h_curl.com

index 903ca205e9b5b4c91b60b202a0933a7da705fc8c..8310bfcc9c6dbe911d05d8a496f5dd01e0c006a6 100644 (file)
@@ -238,7 +238,7 @@ jobs:
             generate: >-
               -DENABLE_DEBUG=ON -DENABLE_ARES=ON
               -DCURL_ENABLE_SSL=OFF -DHTTP_ONLY=ON
-              -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_ALTSVC=ON -DENABLE_UNIX_SOCKETS=OFF
+              -DCURL_ENABLE_NTLM=OFF -DCURL_DISABLE_ALTSVC=ON -DENABLE_UNIX_SOCKETS=OFF
               -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=OFF -DUSE_NGHTTP2=OFF
               -DCURL_USE_GSSAPI=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF
               -DCURL_BROTLI=OFF -DCURL_ZLIB=OFF -DCURL_ZSTD=OFF
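Review bot: Passing `-DCURL_ENABLE_NTLM=OFF` in this `generate` line now only restates the new default, so the job no longer differs from others in this respect. This is the only workflow file the commit touches, so it is worth confirming that at least one CI job elsewhere sets `-DCURL_ENABLE_NTLM=ON` (or `--enable-ntlm` for autotools). Otherwise the NTLM code, which can still be shipped as an opt-in, would presumably stop being compiled and tested in CI. The job definition continues outside the hunk.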
index dcd093e97e3e112c5b74e9e72f91dc44b315f67a..48c74f0a60b175e23fe325a5888e50a2f4aeb575 100644 (file)
@@ -468,8 +468,8 @@ option(CURL_DISABLE_BINDLOCAL "Disable local binding support" OFF)
 mark_as_advanced(CURL_DISABLE_BINDLOCAL)
 option(CURL_DISABLE_NETRC "Disable netrc parser" OFF)
 mark_as_advanced(CURL_DISABLE_NETRC)
-option(CURL_DISABLE_NTLM "Disable NTLM support" OFF)
-mark_as_advanced(CURL_DISABLE_NTLM)
+option(CURL_ENABLE_NTLM "Enable NTLM support" OFF)
+mark_as_advanced(CURL_ENABLE_NTLM)
 option(CURL_DISABLE_PARSEDATE "Disable date parsing" OFF)
 mark_as_advanced(CURL_DISABLE_PARSEDATE)
 option(CURL_DISABLE_POP3 "Disable POP3" OFF)
@@ -1934,7 +1934,7 @@ endmacro()
 
 # NTLM support requires crypto functions from various SSL libs.
 # These conditions must match those in lib/curl_setup.h.
-if(NOT CURL_DISABLE_NTLM AND
+if(CURL_ENABLE_NTLM AND
    ((USE_OPENSSL AND HAVE_DES_ECB_ENCRYPT) OR
     (USE_MBEDTLS AND HAVE_MBEDTLS_DES_CRYPT_ECB) OR
     USE_GNUTLS OR
@@ -2010,7 +2010,7 @@ curl_add_if("SPNEGO"        NOT CURL_DISABLE_NEGOTIATE_AUTH AND
                             (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
 curl_add_if("Kerberos"      NOT CURL_DISABLE_KERBEROS_AUTH AND
                             (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
-curl_add_if("NTLM"          NOT CURL_DISABLE_NTLM AND
+curl_add_if("NTLM"          CURL_ENABLE_NTLM AND
                             (_use_curl_ntlm_core OR USE_WINDOWS_SSPI))
 curl_add_if("TLS-SRP"       USE_TLS_SRP)
 curl_add_if("HTTP2"         USE_NGHTTP2)
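Review bot: With NTLM now an explicit opt-in, `CURL_ENABLE_NTLM=ON` is dropped without any message when neither a supported crypto backend nor SSPI is available. The `curl_add_if("NTLM" ...)` line just omits the feature, and the `if(CURL_ENABLE_NTLM AND ...)` condition in the hunk at line 1934 is simply false. A user who asked for NTLM should be told, for example with `if(CURL_ENABLE_NTLM AND NOT _use_curl_ntlm_core AND NOT USE_WINDOWS_SSPI)` followed by `message(WARNING "CURL_ENABLE_NTLM is ON but no crypto backend supports it; NTLM is not built")` and `endif()`. The same applies to the `if test "$CURL_ENABLE_NTLM" = "1"` block in configure.ac, whose body lies outside the visible hunk, so it may already report this.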
index 1129c1fc61e498ef91d65b13eaeb49638f038115..23e4b07cfdf5e90a164e3f8afbf61557e3addf4f 100644 (file)
@@ -4457,16 +4457,16 @@ AC_ARG_ENABLE(ntlm,
 AS_HELP_STRING([--enable-ntlm],[Enable NTLM support])
 AS_HELP_STRING([--disable-ntlm],[Disable NTLM support]),
 [ case "$enableval" in
-  no)
-    AC_MSG_RESULT(no)
-    AC_DEFINE(CURL_DISABLE_NTLM, 1, [to disable NTLM support])
-    CURL_DISABLE_NTLM=1
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(CURL_ENABLE_NTLM, 1, [enable NTLM support])
+    CURL_ENABLE_NTLM=1
     ;;
   *)
-    AC_MSG_RESULT(yes)
+    AC_MSG_RESULT(no)
     ;;
   esac ],
-    AC_MSG_RESULT(yes)
+    AC_MSG_RESULT(no)
 )
 
 dnl ************************************************************
@@ -5123,7 +5123,7 @@ fi
 
 use_curl_ntlm_core=no
 
-if test "$CURL_DISABLE_NTLM" != "1"; then
+if test "$CURL_ENABLE_NTLM" = "1"; then
   if test "$HAVE_DES_ECB_ENCRYPT" = "1" ||
      test "$GNUTLS_ENABLED" = "1" ||
      test "$USE_WIN32_CRYPTO" = "1" ||
index c266f0c0adc9dad4a11a1f37ca1cc0bb33f77c68..9663ebe765cf1e9784c8dd216ed0192478192daa 100644 (file)
@@ -120,10 +120,6 @@ Disable MQTT support.
 
 Disable the netrc parser.
 
-## `CURL_DISABLE_NTLM`
-
-Disable support for NTLM.
-
 ## `CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG`
 
 Disable the auto load config support in the OpenSSL backend.
index 577a8e8460d246c118b4781638a6296306c73ea4..568c913025eabca42a79d30efad24ee62fd42039 100644 (file)
@@ -259,6 +259,7 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
 
 ## Enabling features
 
+- `CURL_ENABLE_NTLM`:                       Enable NTLM support. Default: `OFF`
 - `CURL_ENABLE_SSL`:                        Enable SSL support. Default: `ON`
 - `CURL_WINDOWS_SSPI`:                      Enable SSPI on Windows. Default: =`CURL_USE_SCHANNEL`
 - `ENABLE_IPV6`:                            Enable IPv6 support. Default: `ON` if target supports IPv6.
@@ -301,7 +302,6 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
 - `CURL_DISABLE_MQTT`:                      Disable MQTT. Default: `OFF`
 - `CURL_DISABLE_NEGOTIATE_AUTH`:            Disable negotiate authentication. Default: `OFF`
 - `CURL_DISABLE_NETRC`:                     Disable netrc parser. Default: `OFF`
-- `CURL_DISABLE_NTLM`:                      Disable NTLM support. Default: `OFF`
 - `CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG`:  Disable automatic loading of OpenSSL configuration. Default: `OFF`
 - `CURL_DISABLE_PARSEDATE`:                 Disable date parsing. Default: `OFF`
 - `CURL_DISABLE_POP3`:                      Disable POP3. Default: `OFF`
index 3f218827b3701d50ca4e4f462e2fd9d8eb9d860e..b58db10c54844ddfcf9650e768cd14fd7b1e66e7 100644 (file)
 /* disables netrc parser */
 #cmakedefine CURL_DISABLE_NETRC 1
 
-/* disables NTLM support */
-#cmakedefine CURL_DISABLE_NTLM 1
+/* enables NTLM support */
+#cmakedefine CURL_ENABLE_NTLM 1
 
 /* disables date parsing */
 #cmakedefine CURL_DISABLE_PARSEDATE 1
index 83ee65c68c9d6d1a7eefaefc3775f9f32422d214..46a1f5c14a1ea7d9631ac73a5bf6ef7288614057 100644 (file)
 #endif
 
 /* Single point where USE_NTLM definition might be defined */
-#ifndef CURL_DISABLE_NTLM
+#ifdef CURL_ENABLE_NTLM
 #  if (defined(USE_OPENSSL) && defined(HAVE_DES_ECB_ENCRYPT)) ||        \
   defined(USE_GNUTLS) ||                                                \
   (defined(USE_MBEDTLS) && defined(HAVE_MBEDTLS_DES_CRYPT_ECB)) ||      \
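Review bot: A build that still carries the old `CURL_DISABLE_NTLM` define next to a newly added `CURL_ENABLE_NTLM` ends up with NTLM compiled in, because the new `#ifdef CURL_ENABLE_NTLM` test no longer looks at the old macro. Keeping the old name as a hard off-switch makes that case fail closed: `#if defined(CURL_ENABLE_NTLM) && !defined(CURL_DISABLE_NTLM)`. A short comment above the test saying that NTLM is opt-in because of its weak security would also help readers of this header. The `#if` expression that follows continues outside the visible lines.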
index 71fa4183bcccd353f8d3d291ab88ea0127c4a08b..e4d97fd566c9fa7802af31ceb076bb9e94af0877 100644 (file)
@@ -262,15 +262,9 @@ $write cvh "#ifdef CURL_DISABLE_LIBCURL_OPTION"
 $write cvh "#undef CURL_DISABLE_LIBCURL_OPTION"
 $write cvh "#endif"
 $write cvh "#ifndef __VAX"
-$write cvh "#ifdef CURL_DISABLE_NTLM"
-$write cvh "#undef CURL_DISABLE_NTLM"
-$write cvh "#endif"
 $write cvh "#else"
 $! NTLM needs long long or int64 support, missing from DECC C.
 $write cvh "#ifdef __DECC
-$write cvh "#ifndef CURL_DISABLE_NTLM"
-$write cvh "#define CURL_DISABLE_NTLM 1"
-$write cvh "#endif"
 $write cvh "#endif"
 $write cvh "#endif"
 $write cvh "#ifdef CURL_DISABLE_POP3"
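Review bot: Removing the six `CURL_DISABLE_NTLM` writes leaves an `#ifndef __VAX` / `#else` / `#ifdef __DECC` / `#endif` / `#endif` skeleton in the generated header with nothing inside it. The DCL comment about NTLM needing long long or int64 support also no longer describes any line. Either drop the skeleton and the comment, or keep the guard under its new name so NTLM stays off on VAX with DEC C even if `CURL_ENABLE_NTLM` gets defined: `$write cvh "#ifdef CURL_ENABLE_NTLM"`, `$write cvh "#undef CURL_ENABLE_NTLM"`, `$write cvh "#endif"` inside the `__DECC` branch. The `$write cvh "#ifdef __DECC` context line also lacks its closing quote, which predates this change but is worth fixing while here.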