Dan Fandrich added the --disable-crypto-auth option to configure to allow

libcurl to build without Digest support. (I figure it should also explicitly
disable Negotiate and NTLM.)

configure.ac

@@ -1473,6 +1473,25 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
        AC_MSG_RESULT(no)
 )
 
+dnl ************************************************************
+dnl disable cryptographic authentication
+dnl
+AC_MSG_CHECKING([whether to enable cryptographic authentication methods])
+AC_ARG_ENABLE(crypto-auth,
+AC_HELP_STRING([--enable-crypto-auth],[Enable cryptographic authentication])
+AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication])
+       AC_SUBST(CURL_DISABLE_CRYPTO_AUTH)
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+
 AM_CONDITIONAL(CROSSCOMPILING, test x$cross_compiling = xyes)
 
 AC_CONFIG_FILES([Makefile \

lib/http.c

@@ -330,6 +330,7 @@ Curl_http_output_auth(struct connectdata *conn,
         }
         data->state.authproxy.done = TRUE;
       }
+#ifndef CURL_DISABLE_CRYPTO_AUTH
       else if(data->state.authproxy.want == CURLAUTH_DIGEST) {
         auth=(char *)"Digest";
         result = Curl_output_digest(conn,
@@ -339,7 +340,7 @@ Curl_http_output_auth(struct connectdata *conn,
         if(result)
           return result;
       }
-
+#endif
       infof(data, "Proxy auth using %s with user '%s'\n",
             auth, conn->proxyuser?conn->proxyuser:"");
     }
@@ -373,6 +374,7 @@ Curl_http_output_auth(struct connectdata *conn,
       else
 #endif
       {
+#ifndef CURL_DISABLE_CRYPTO_AUTH
         if(data->state.authhost.picked == CURLAUTH_DIGEST) {
           auth=(char *)"Digest";
           result = Curl_output_digest(conn,
@@ -381,8 +383,9 @@ Curl_http_output_auth(struct connectdata *conn,
                                       (unsigned char *)path);
           if(result)
             return result;
-        }
-        else if(data->state.authhost.picked == CURLAUTH_BASIC) {
+        } else
+#endif
+        if(data->state.authhost.picked == CURLAUTH_BASIC) {
           if(conn->bits.user_passwd &&
              !checkheaders(data, "Authorization:")) {
             auth=(char *)"Basic";
@@ -489,6 +492,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
     }
     else
 #endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
       if(checkprefix("Digest", start)) {
         CURLdigest dig;
         *availp |= CURLAUTH_DIGEST;
@@ -504,7 +508,9 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
           data->state.authproblem = TRUE;
         }
       }
-      else if(checkprefix("Basic", start)) {
+      else
+#endif
+      if(checkprefix("Basic", start)) {
         *availp |= CURLAUTH_BASIC;
         authp->avail |= CURLAUTH_BASIC;
         if(authp->picked == CURLAUTH_BASIC) {

lib/http_digest.c

@@ -22,7 +22,7 @@
  ***************************************************************************/
 #include "setup.h"
 
-#ifndef CURL_DISABLE_HTTP
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
 /* -- WIN32 approved -- */
 #include <stdio.h>
 #include <string.h>

lib/md5.c

@@ -23,6 +23,8 @@
 
 #include "setup.h"
 
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+
 #ifndef USE_SSLEAY
 /* This code segment is only used if OpenSSL is not provided, as if it is
    we use the MD5-function provided there instead. No good duplicating
@@ -346,3 +348,5 @@ void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
   MD5_Update(&ctx, input, strlen((char *)input));
   MD5_Final(outbuffer, &ctx);
 }
+
+#endif

lib/url.c

@@ -250,7 +250,9 @@ CURLcode Curl_close(struct SessionHandle *data)
   }
   Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
 
+#ifndef CURL_DISABLE_CRYPTO_AUTH
   Curl_digest_cleanup(data);
+#endif
 #endif
 
   /* free the connection cache */