On Tue, Oct 22, 2013 at 08:21:48PM -0700, Shawn Pearce wrote:
> From my perspective, it is OK to defaulting to use 100-continue if the
> server supports Negotiate. If the user is stuck behind a broken proxy
> and can't authenticate, they can't authenticate. They can either set
> the variable to false, or fix their proxy, or use a different server,
> etc.

I think Jonathan's suggestion was to get rid of the variable altogether
and simply make the code conditional on whether the server is offering
GSS-Negotiate.  I plan to make the use of 100-continue conditional on
large_request as well, so that it only covers the case where it would
otherwise fail.  People who have broken proxies or broken servers and
are using GSS-Negotiate (which, as I said, is probably very few people,
if any) will simply have to increase the postbuffer size as before.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187