cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1187 winsspi ssl engine was unable connect through ssl

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 05 Feb 2013 21:28:14 +0000

Thanks, this is now fixed in git!

---
** [bugs:#1187] winsspi ssl engine was unable connect through ssl**
**Status:** closed-fixed
**Labels:** ssl winsspi windows 
**Created:** Mon Feb 04, 2013 10:36 AM UTC by Andrew Kurushin
**Last Updated:** Mon Feb 04, 2013 10:36 AM UTC
**Owner:** Daniel Stenberg
winsspi ssl engine was unable connect through ssl with curl build with winsspi(no openssl):
[-----]
curl --verbose -k https://XX.XX.XX.XX
* About to connect() to test port 443 (#0)
*   Trying XX.XX.XX.XX...
* connected
* Connected to XX.XX.XX.XX (XX.XX.XX.XX) port 443 (#0)
* schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 1/3)
* schannel: disable server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates. Also disables SNI.
* schannel: sending initial handshake data: sending 119 bytes...
* schannel: sent initial handshake data: sent 119 bytes
* schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3)
* schannel: encrypted data buffer: offset 3326 length 4096
* schannel: sending next handshake data: sending 326 bytes...
* schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3)
* schannel: encrypted data buffer: offset 59 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 3/3)
* schannel: failed to setup extended errors
* Closing connection #0
* schannel: shutting down SSL/TLS connection with XX.XX.XX.XX port 443
curl: (35) schannel: failed to setup extended errors
[-----]
this error occured only on some specific machine: win7 without sp1
maybe it's related to http://support.microsoft.com/kb/975858
i have made following changes:
[-----]
Index: lib/curl_schannel.c
===================================================================
--- lib/curl_schannel.c	(revision)
+++ lib/curl_schannel.c	(working copy)
@@ -219,7 +219,7 @@
 
   /* setup request flags */
   connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
-                       ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR |
+                       ISC_REQ_CONFIDENTIALITY | // ISC_REQ_EXTENDED_ERROR |
                        ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM;
 
   /* allocate memory for the security context handle */
@@ -503,8 +503,10 @@
       failf(data, "schannel: failed to setup replay detection");
     if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))
       failf(data, "schannel: failed to setup confidentiality");
+/*
     if(!(connssl->ret_flags & ISC_RET_EXTENDED_ERROR))
       failf(data, "schannel: failed to setup extended errors");
+*/
     if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))
       failf(data, "schannel: failed to setup memory allocation");
     if(!(connssl->ret_flags & ISC_RET_STREAM))
[-----]
and the problem has gone. i don't now if CURL really need specify ISC_REQ_EXTENDED_ERROR  cause it's not related to client side;
---
Sent from sourceforge.net because you indicated interest in <https://sourceforge.net/p/curl/bugs/1187/>
To unsubscribe from further messages, please visit <https://sourceforge.net/auth/prefs/>
Received on 2013-02-05

These mail archives are generated by hypermail.

donate! Page updated January 05, 2012.
web site info

File upload with ASP.NET