#1187 winsspi ssl engine was unable connect through ssl

closed-fixed
5
2014-08-16
2013-02-04
No

winsspi ssl engine was unable connect through ssl with curl build with winsspi(no openssl):
[-----]
curl --verbose -k https://XX.XX.XX.XX
About to connect() to test port 443 (#0)
Trying XX.XX.XX.XX...
connected
Connected to XX.XX.XX.XX (XX.XX.XX.XX) port 443 (#0)
schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 1/3)
schannel: disable server certificate revocation checks
schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates. Also disables SNI.
schannel: sending initial handshake data: sending 119 bytes...
schannel: sent initial handshake data: sent 119 bytes
schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3)
schannel: encrypted data buffer: offset 3326 length 4096
schannel: sending next handshake data: sending 326 bytes...
schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 2/3)
schannel: encrypted data buffer: offset 59 length 4096
schannel: SSL/TLS handshake complete
schannel: SSL/TLS connection with XX.XX.XX.XX port 443 (step 3/3)
schannel: failed to setup extended errors
Closing connection #0
* schannel: shutting down SSL/TLS connection with XX.XX.XX.XX port 443
curl: (35) schannel: failed to setup extended errors
[-----]
this error occured only on some specific machine: win7 without sp1
maybe it's related to http://support.microsoft.com/kb/975858

i have made following changes:
[-----]
Index: lib/curl_schannel.c
===================================================================
--- lib/curl_schannel.c (revision)
+++ lib/curl_schannel.c (working copy)
@@ -219,7 +219,7 @@

/ setup request flags /
connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
- ISC_REQ_CONFIDENTIALITY | ISC_REQ_EXTENDED_ERROR |
+ ISC_REQ_CONFIDENTIALITY | // ISC_REQ_EXTENDED_ERROR |
ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM;

/ allocate memory for the security context handle /
@@ -503,8 +503,10 @@
failf(data, "schannel: failed to setup replay detection");
if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))
failf(data, "schannel: failed to setup confidentiality");
+/
if(!(connssl->ret_flags & ISC_RET_EXTENDED_ERROR))
failf(data, "schannel: failed to setup extended errors");
+
/
if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))
failf(data, "schannel: failed to setup memory allocation");
if(!(connssl->ret_flags & ISC_RET_STREAM))
[-----]

and the problem has gone. i don't now if CURL really need specify ISC_REQ_EXTENDED_ERROR cause it's not related to client side;

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2013-02-05
    • status: open --> closed-fixed
    • assigned_to: Daniel Stenberg
    • milestone: -->
     
  • Daniel Stenberg

    Daniel Stenberg - 2013-02-05

    Thanks, this is now fixed in git!

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks