Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Changes I had to make to libcurl sources for Windows mutual auth to work
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Gustafsson via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 13 Apr 2022 11:03:22 +0200
> On 12 Apr 2022, at 23:56, Tuomas Kaikkonen via curl-library <curl-library_at_lists.haxx.se> wrote:
>
> I had to comment out few lines that check Windows NT version number in order to get curl mutual auth to work with 90m/CAC cards (Windows certificates).
>
> Without this change, the curl would close TLS connection after sending only partial data response to all my requests to the IIS.
> I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, VERSION_EQUAL) is the culprit.
> I run curl lib on Windows 10 Professional.
> - bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> - VERSION_EQUAL);
> -
> - if(isWin2k && sspi_status == SEC_E_OK)
> + //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> + // VERSION_EQUAL);
> + //
> + //if(isWin2k && sspi_status == SEC_E_OK)
> + if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
This hammer seems fairly blunt, is there a way in which we can detect this case
(CAC 90m cards)?
As an aside, the API used in curlx_verify_windows_version was deprecated with
Windows 10 so we might need to look at updating the code there.
Date: Wed, 13 Apr 2022 11:03:22 +0200
> On 12 Apr 2022, at 23:56, Tuomas Kaikkonen via curl-library <curl-library_at_lists.haxx.se> wrote:
>
> I had to comment out few lines that check Windows NT version number in order to get curl mutual auth to work with 90m/CAC cards (Windows certificates).
>
> Without this change, the curl would close TLS connection after sending only partial data response to all my requests to the IIS.
> I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, VERSION_EQUAL) is the culprit.
> I run curl lib on Windows 10 Professional.
> - bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> - VERSION_EQUAL);
> -
> - if(isWin2k && sspi_status == SEC_E_OK)
> + //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
> + // VERSION_EQUAL);
> + //
> + //if(isWin2k && sspi_status == SEC_E_OK)
> + if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
This hammer seems fairly blunt, is there a way in which we can detect this case
(CAC 90m cards)?
As an aside, the API used in curlx_verify_windows_version was deprecated with
Windows 10 so we might need to look at updating the code there.
-- Daniel Gustafsson https://vmware.com/ -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-04-13