curl-library

RE: schannel_connect_step3 failures

From: Salisbury, Mark <mark.salisbury_at_hp.com>
Date: Thu, 21 Jun 2012 17:01:09 +0000

Yang, Marc, et al.,

>> I am worried that the flags change in your use cases. And I really don't like the
>> idea of ignoring or just warning about non-matching flags.
>> ISC_RET_CONFIDENTIALITY, ISC_RET_REPLAY_DETECT and ISC_RET_SEQUENCE_DETECT
>> are pretty important to make sure that the SSL connection is actually "secure". Why
>> would you want to communicate through an SSL connection that is actually not
>> secure? There should be some other way to fix this.

>> I am pretty busy with final exams during the following weeks, so I
>> would like to ask whether you or someone else could spend a little
>> more research on this issue before simply ignoring the source of the
>> actual problem. Thanks in advance, I would really appreciate it!

>No intention to ignore it on this side. Actually I'm raising the issue publicly, and listening to your
>recommendation of not disabling the check.

I loaded the URL Yang mentioned the problem with - https://www.digicert.com/ - without issues on WinXP and Win7. I don't have a Win2k machine to duplicate the problem on.

MSDN says InitializeSecurityContext() with the flags we care about here is supported from Win2k onwards.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924(v=vs.85).aspx

One possibility is to disable the checks only on Win2k (something like #if WINVER <= 0x400). I'd recommend not making any change though until we learn more. I tried a quick search of the web but did not find anything.

Mark

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2012-06-21
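
The check discussed in this thread compares the context attributes returned by InitializeSecurityContext() with the ones the caller needs. The following C example is added here for illustration; it is not part of the original mail and not curl's own code. It fails closed and names the missing attributes instead of ignoring them. The names `required_attrs` and `check_context_attrs` are hypothetical, the constant values are repeated from the Windows SDK header sspi.h so the code builds without it, and the attribute value in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Values from the Windows SDK header sspi.h, repeated so this builds anywhere. */
#ifndef ISC_RET_REPLAY_DETECT
#define ISC_RET_REPLAY_DETECT   0x00000004UL
#define ISC_RET_SEQUENCE_DETECT 0x00000008UL
#define ISC_RET_CONFIDENTIALITY 0x00000010UL
#endif

/* Hypothetical table of the three attributes named in the thread. */
static const struct { unsigned long bit; const char *name; } required_attrs[] = {
  { ISC_RET_REPLAY_DETECT,   "ISC_RET_REPLAY_DETECT" },
  { ISC_RET_SEQUENCE_DETECT, "ISC_RET_SEQUENCE_DETECT" },
  { ISC_RET_CONFIDENTIALITY, "ISC_RET_CONFIDENTIALITY" },
};
#define NUM_REQUIRED (sizeof(required_attrs) / sizeof(required_attrs[0]))

/* Returns the mask of required attributes absent from ret_attrs (the
   pfContextAttr output); 0 means all granted. Missing names go to msg. */
static unsigned long check_context_attrs(unsigned long ret_attrs,
                                         char *msg, size_t len)
{
  unsigned long missing = 0;
  size_t i, used = 0;
  if(len) msg[0] = '\0';
  for(i = 0; i < NUM_REQUIRED; i++) {
    int n;
    if(ret_attrs & required_attrs[i].bit)
      continue;
    missing |= required_attrs[i].bit;
    if(used >= len) continue;   /* message buffer full: keep counting bits */
    n = snprintf(msg + used, len - used, "%s%s",
                 used ? " " : "", required_attrs[i].name);
    if(n > 0) used += (size_t)n;
  }
  return missing;
}

int main(void)
{
  char msg[128];
  /* Constructed sample: replay and sequence detection granted, no confidentiality. */
  if(check_context_attrs(0x0CUL, msg, sizeof(msg)))
    printf("refusing connection, missing: %s\n", msg);
  return 0;
}
```

Logging the missing attribute names this way gives a report from an affected system something concrete to compare against a working one.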