monnerat

Please, see comment https://github.com/curl/curl/pull/8986#issuecomment-1190134446 I'm still convinced the authentication mechanism must be part of the connection cache selection filtering if we commit this or else we would introduce a security...

From the current CI test results: 1) I suppose new tests should be disabled for rustls ? 2) I suspect we have a race problem when starting the protocol server...

> Why? rustls is supposed to generally work fine. It has 12 disabled tests that are supposed to work with. That's why I asked. > Hm, yes it is supposed...

> There are test failures now with NSS and rustls. Are they permafails or flaky? They seem to be non-flaky. I've succeeded in reproducing the NSS failure locally and it...

Thanks for your comment. In the meantime I've found the problem with NSS: the `data_pending` method is not implemented and `Curl_none_data_pending` is used for it, always telling there is no...

> I think at least a separate PR would make sense, yes!. I can produce one for NSS only. However the problem should probably be handled more generally, either for...

Should be OK now. New tests successful with NSS after commits ee0f739 and f22cd67 applied. Still fail with rustls: timeout in hello handshake --> rustls problem; new tests disabled for...

> Thanks! and sorry for taking so long Never mind and thanks for pulling.

I really prefer this way of resolving the problem rather than the fallback of #10027: the later causes a very fast double authentication attempt that may appear to the server...

> Please let me know which one you would prefer and I will change as appropriate. I'm in favor of `+LOGIN`: this will allow a more hortogonal option string between...