cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: schannel_connect_step3 failures

From: Yang Tse <yangsita_at_gmail.com>
Date: Wed, 20 Jun 2012 20:23:59 +0200

Code sets several ISC_REQ_* bit flags in order to setup security
context, and later verifies if the flags of the security context
actually match those previously set.

The problem is that except for ISC_REQ_ALLOCATE_MEMORY, all other may
simply be ignored, changed while handshaking and even further changed
while renegotiating.

I believe the fix is to only warn if returned flags don't match
requested ones, except for the ISC_REQ_ALLOCATE_MEMORY one which
should fail hard if it doesn't match and make schannel_connect_step3
fail.

-- 
-=[Yang]=-
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2012-06-20

This message: [ Message body ]
Next message: Yang Tse: "Re: further schannel improvements"
Previous message: Marc Hoersken: "Re: further schannel improvements"
In reply to: Yang Tse: "Re: schannel_connect_step3 failures"
Next in thread: Marc Hoersken: "Re: schannel_connect_step3 failures"
Reply: Marc Hoersken: "Re: schannel_connect_step3 failures"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]