curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Changes I had to make to libcurl sources for Windows mutual auth to work

From: Daniel Gustafsson via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 13 Apr 2022 11:03:22 +0200

> On 12 Apr 2022, at 23:56, Tuomas Kaikkonen via curl-library <curl-library_at_lists.haxx.se> wrote:
>
> I had to comment out few lines that check Windows NT version number in order to get curl mutual auth to work with 90m/CAC cards (Windows certificates).
>
> Without this change, the curl would close TLS connection after sending only partial data response to all my requests to the IIS.
> I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, VERSION_EQUAL) is the culprit.
> I run curl lib on Windows 10 Professional.

> - bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> - VERSION_EQUAL);
> -
> - if(isWin2k && sspi_status == SEC_E_OK)
> + //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> + // VERSION_EQUAL);
> + //
> + //if(isWin2k && sspi_status == SEC_E_OK)
> + if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */

This hammer seems fairly blunt, is there a way in which we can detect this case
(CAC 90m cards)?

As an aside, the API used in curlx_verify_windows_version was deprecated with
Windows 10 so we might need to look at updating the code there.

--
Daniel Gustafsson		https://vmware.com/
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-04-13