The calculation of the spnego token length at https://github.com/stnoonan/spnego-http-auth-nginx-module/blob/master/ngx_http_auth_spnego_module.c#L867 incorrectly uses one less byte than the output token returned from the earlier gss_accept_sec_context() call.
This causes mutual authentication to fail because the client won't receive the full set of token bytes.
It should drop the "- 1" and just do "spnego_token.len = output_token.length".
The calculation of the spnego token length at https://github.com/stnoonan/spnego-http-auth-nginx-module/blob/master/ngx_http_auth_spnego_module.c#L867 incorrectly uses one less byte than the output token returned from the earlier gss_accept_sec_context() call. This causes mutual authentication to fail because the client won't receive the full set of token bytes. It should drop the "- 1" and just do "spnego_token.len = output_token.length".