Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Changes I had to make to libcurl sources for Windows mutual auth to work
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Tuomas Kaikkonen via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 12 Apr 2022 14:56:23 -0700
I had to comment out few lines that check Windows NT version number in
order to get curl mutual auth to work with 90m/CAC cards (Windows
certificates).
Without this change, the curl would close TLS connection after sending only
partial data response to all my requests to the IIS.
I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
VERSION_EQUAL) is the culprit.
I run curl lib on Windows 10 Professional.
This is the change I made to curl 7.81.0 sources:
diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
index 0a8e60610d..bd75256c21 100644
--- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
+++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
_at__at_ -2052,10 +2052,11 _at__at_ schannel_recv(struct Curl_easy *data, int sockindex,
*/
if(len && !backend->decdata_offset && backend->recv_connection_closed &&
!backend->recv_sspi_close_notify) {
- bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
- VERSION_EQUAL);
-
- if(isWin2k && sspi_status == SEC_E_OK)
+ //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
+ // VERSION_EQUAL);
+ //
+ //if(isWin2k && sspi_status == SEC_E_OK)
+ if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
backend->recv_sspi_close_notify = true;
else {
*err = CURLE_RECV_ERROR;
Tuomas Kaikkonen
Principal Software Engineer, WAVE Core, Motorola Solutions
3131 Elliott Ave, Suite 200, Seattle, WA 98121
phone: (425) 919-8973
Date: Tue, 12 Apr 2022 14:56:23 -0700
I had to comment out few lines that check Windows NT version number in
order to get curl mutual auth to work with 90m/CAC cards (Windows
certificates).
Without this change, the curl would close TLS connection after sending only
partial data response to all my requests to the IIS.
I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
VERSION_EQUAL) is the culprit.
I run curl lib on Windows 10 Professional.
This is the change I made to curl 7.81.0 sources:
diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
index 0a8e60610d..bd75256c21 100644
--- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
+++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
_at__at_ -2052,10 +2052,11 _at__at_ schannel_recv(struct Curl_easy *data, int sockindex,
*/
if(len && !backend->decdata_offset && backend->recv_connection_closed &&
!backend->recv_sspi_close_notify) {
- bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
- VERSION_EQUAL);
-
- if(isWin2k && sspi_status == SEC_E_OK)
+ //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
+ // VERSION_EQUAL);
+ //
+ //if(isWin2k && sspi_status == SEC_E_OK)
+ if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
backend->recv_sspi_close_notify = true;
else {
*err = CURLE_RECV_ERROR;
Tuomas Kaikkonen
Principal Software Engineer, WAVE Core, Motorola Solutions
3131 Elliott Ave, Suite 200, Seattle, WA 98121
phone: (425) 919-8973
-- *For more information on how and why we collect your personal information, please visit our Privacy Policy <https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-04-13