kerberos: drop logic for MIT Kerberos <1.2.3 (pre-2002) versions

curl requires 1.2.4 or newer. Also: - vms: stop defining `gss_nt_service_name`. Added in f9cf3de70b3a494f627eda6cccf6607616eaf449, symbol not used in curl code since 355bf01c828af16c47ab52bccb9ade769f8bf158. Closes #18978
2026-01-26 15:03:21 +00:00 · 2025-10-09 17:15:02 +02:00 · 2025-10-09 17:15:02 +02:00 · 0d560d00fa
commit 0d560d00fa
parent be5a5c10d4
6 changed files with 1 additions and 65 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1445,34 +1445,8 @@ if(CURL_USE_GSSAPI)
    else()  # MIT
      cmake_push_check_state()
      list(APPEND CMAKE_REQUIRED_INCLUDES "${GSS_INCLUDE_DIRS}")
-
-      set(_include_list "")
-
      check_include_file("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H)
-      if(HAVE_GSSAPI_GSSAPI_H)
-        list(APPEND _include_list "gssapi/gssapi.h")
-      endif()
-
-      check_include_files("${_include_list};gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
-      check_include_files("${_include_list};gssapi/gssapi_krb5.h" _have_gssapi_gssapi_krb5_h)
-      if(HAVE_GSSAPI_GSSAPI_GENERIC_H)
-        list(APPEND _include_list "gssapi/gssapi_generic.h")
-      endif()
-      if(_have_gssapi_gssapi_krb5_h)
-        list(APPEND _include_list "gssapi/gssapi_krb5.h")
-      endif()
-
-      if(NOT DEFINED HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-        string(APPEND CMAKE_REQUIRED_FLAGS " ${GSS_CFLAGS}")
-        list(APPEND CMAKE_REQUIRED_LIBRARIES "${GSS_LIBRARIES}")
-        curl_required_libpaths("${GSS_LIBRARY_DIRS}")
-        check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" "${_include_list}" HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-      endif()
-      if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE)
-        set(HAVE_OLD_GSSMIT ON)
-      endif()
-
-      unset(_include_list)
+      check_include_file("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
      cmake_pop_check_state()
    endif()
  else()
--- a/configure.ac
+++ b/configure.ac
@ -1855,29 +1855,6 @@ if test x"$want_gss" = xyes; then
      if test "x$not_mit" = "x1"; then
        dnl MIT not found
        AC_MSG_ERROR([MIT or GNU GSS library required, but not found])
-      else
-        dnl MIT found
-        dnl check if we have a really old MIT Kerberos version (<= 1.2)
-        AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE])
-        AC_COMPILE_IFELSE([
-          AC_LANG_PROGRAM([[
-            #include <gssapi/gssapi.h>
-            #include <gssapi/gssapi_generic.h>
-            #include <gssapi/gssapi_krb5.h>
-          ]],[[
-            gss_import_name(
-                            (OM_uint32 *)0,
-                            (gss_buffer_t)0,
-                            GSS_C_NT_HOSTBASED_SERVICE,
-                            (gss_name_t *)0);
-          ]])
-        ],[
-          AC_MSG_RESULT([yes])
-        ],[
-          AC_MSG_RESULT([no])
-          AC_DEFINE(HAVE_OLD_GSSMIT, 1,
-            [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE])
-        ])
      fi
    ]
  )
--- a/docs/INSTALL-CMAKE.md
+++ b/docs/INSTALL-CMAKE.md
@ -474,7 +474,6 @@ the parent project, ideally in the "extra" find package redirect file:
 Available variables:

 - `HAVE_GNUTLS_SRP`:                        `gnutls_srp_verifier` present in GnuTLS.
- `HAVE_GSS_C_NT_HOSTBASED_SERVICE`:        `GSS_C_NT_HOSTBASED_SERVICE` present in GSS/Kerberos.
 - `HAVE_LDAP_INIT_FD`:                      `ldap_init_fd` present in LDAP library.
 - `HAVE_LDAP_URL_PARSE`:                    `ldap_url_parse` present in LDAP library.
 - `HAVE_OPENSSL_SRP`:                       `SSL_CTX_set_srp_username` present in OpenSSL (or fork).
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@ -421,9 +421,6 @@
 /* Define to 1 if you have the <net/if.h> header file. */
 #cmakedefine HAVE_NET_IF_H 1

-/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE */
-#cmakedefine HAVE_OLD_GSSMIT 1
-
 /* Define to 1 if you have the `pipe' function. */
 #cmakedefine HAVE_PIPE 1

--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@ -51,12 +51,6 @@ OM_uint32 Curl_gss_delete_sec_context(OM_uint32 *min,
 void Curl_gss_log_error(struct Curl_easy *data, const char *prefix,
                        OM_uint32 major, OM_uint32 minor);

-/* Provide some definitions missing in old headers */
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
-
 /* Define our privacy and integrity protection values */
 #define GSSAUTH_P_NONE      1
 #define GSSAUTH_P_INTEGRITY 2
--- a/packages/vms/generate_config_vms_h_curl.com
+++ b/packages/vms/generate_config_vms_h_curl.com
@ -337,11 +337,6 @@ $write cvh "#ifdef USE_UNIX_SOCKETS"
 $write cvh "#undef USE_UNIX_SOCKETS"
 $write cvh "#endif"
 $!
-$write cvh "#ifndef HAVE_OLD_GSSMIT"
-$write cvh "#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE"
-$write cvh "#endif"
-$!
-$!
 $! Note:
 $! The CURL_EXTERN_SYMBOL is used for platforms that need the compiler
 $! to know about universal symbols.  VMS does not need this support so