curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Changes I had to make to libcurl sources for Windows mutual auth to work

From: Tuomas Kaikkonen via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 12 Apr 2022 14:56:23 -0700

I had to comment out few lines that check Windows NT version number in
order to get curl mutual auth to work with 90m/CAC cards (Windows
certificates).

Without this change, the curl would close TLS connection after sending only
partial data response to all my requests to the IIS.
I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
VERSION_EQUAL) is the culprit.
I run curl lib on Windows 10 Professional.

This is the change I made to curl 7.81.0 sources:

diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
index 0a8e60610d..bd75256c21 100644
--- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
+++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
_at__at_ -2052,10 +2052,11 _at__at_ schannel_recv(struct Curl_easy *data, int sockindex,
   */
   if(len && !backend->decdata_offset && backend->recv_connection_closed &&
      !backend->recv_sspi_close_notify) {
- bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
- VERSION_EQUAL);
-
- if(isWin2k && sspi_status == SEC_E_OK)
+ //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
+ // VERSION_EQUAL);
+ //
+ //if(isWin2k && sspi_status == SEC_E_OK)
+ if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
       backend->recv_sspi_close_notify = true;
     else {
       *err = CURLE_RECV_ERROR;

Tuomas Kaikkonen
Principal Software Engineer, WAVE Core, Motorola Solutions
3131 Elliott Ave, Suite 200, Seattle, WA 98121
phone: (425) 919-8973

-- 
*For more information on how and why we collect your personal 
information, please visit our Privacy Policy 
<https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-04-13