cURL / Mailing Lists / curl-library / Single Mail


RE: schannel_connect_step3 failures

From: Salisbury, Mark <>
Date: Thu, 21 Jun 2012 17:01:09 +0000

Yang, Marc, et. All,

>> I am worried that the flags change in your use cases. And I really don't like the
>> idea of ignoring or just warning about non-matching flags.
>> are pretty important to make sure that the SSL connection is actually "secure". Why
>> would you want to communicate through an SSL connection that is actually not
>> secure? There should be some other way to fix this.

>> I am pretty busy with final exams during the following weeks, so I
>> would like to ask whether you or someone else could spend a little
>> more research on this issue before simple ignoring the source of the
>> actual problem. Thanks in advance, I would really appreciate it!

>No intention to ignore it on this side. Actually I'm raising the issue publicly, and listening to your >recommendation of not disabling the check.

I loaded the URL Yang mentioned the problem with - - without issues on WinXP and Win7. I don't have a Win2k machine to duplicate the problem on.

MSDN says InitializeSecurityContext() with the flags we care about here are supported from Win2k onwards.

One possibility is to disable the checks only on Win2k (something like #if WINVER <= 0x400). I'd recommend not making any change though until we learn more. I tried a quick search of the web but did not find anything.


List admin:

List admin:
Received on 2012-06-21