curl-library
[curl:bugs] #1187 winsspi ssl engine was unable connect through ssl (fwd)
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 4 Feb 2013 14:38:10 +0100 (CET)
Date: Mon, 4 Feb 2013 14:38:10 +0100 (CET)
Hi friends,
I need a little help from someone with decent Windows knowledge to comment on
and massage this issue!
--- ** [bugs:#1187] winsspi ssl engine was unable connect through ssl** **Status:** open **Labels:** ssl winsspi windows **Created:** Mon Feb 04, 2013 10:36 AM UTC by Andrew Kurushin **Last Updated:** Mon Feb 04, 2013 10:36 AM UTC **Owner:** nobody winsspi ssl engine was unable connect through ssl with curl build with winsspi(no openssl): [-----] curl --verbose -k https://XX.XX.XX.XX * About to connect() to test port 443 (#0) * Trying XX.XX.XX.XX... * connected * Connected to XX.XX.XX.XX (XX.XX.XX.XX) port 443 (#0) * schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 1/3) * schannel: disable server certificate revocation checks * schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates. Also disables SNI. * schannel: sending initial handshake data: sending 119 bytes... * schannel: sent initial handshake data: sent 119 bytes * schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3) * schannel: encrypted data buffer: offset 3326 length 4096 * schannel: sending next handshake data: sending 326 bytes... * schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3) * schannel: encrypted data buffer: offset 59 length 4096 * schannel: SSL/TLS handshake complete * schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 3/3) * schannel: failed to setup extended errors * Closing connection #0 * schannel: shutting down SSL/TLS connection with XX.XX.XX.XX port 443 curl: (35) schannel: failed to setup extended errors [-----] this error occured only on some specific machine: win7 without sp1 maybe it's related to http://support.microsoft.com/kb/975858 i have made following changes: [-----] Index: lib/curl_schannel.c =================================================================== --- lib/curl_schannel.c (revision) +++ lib/curl_schannel.c (working copy) @@ -219,7 +219,7 @@ /* setup request flags */ connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR | + ISC_REQ_CONFIDENTIALITY | // ISC_REQ_EXTENDED_ERROR | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM; /* allocate memory for the security context handle */ @@ -503,8 +503,10 @@ failf(data, "schannel: failed to setup replay detection"); if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY)) failf(data, "schannel: failed to setup confidentiality"); +/* if(!(connssl->ret_flags & ISC_RET_EXTENDED_ERROR)) failf(data, "schannel: failed to setup extended errors"); +*/ if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY)) failf(data, "schannel: failed to setup memory allocation"); if(!(connssl->ret_flags & ISC_RET_STREAM)) [-----] and the problem has gone. i don't now if CURL really need specify ISC_REQ_EXTENDED_ERROR cause it's not related to client side; --- Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1187/> To unsubscribe from further messages, please visit <https://sourceforge.net/auth/prefs/> ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2013-02-04