KNOWN_BUGS: Access violation sending client cert with SChannel

It seems we can select between crashing or leaking sensitive files
because Schannel is buggy.

Closes #17626
Closes #18679

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index 1eb5716f8b942a3f83f6a5bb8d764ad1516d01f1..3785d73aa49e09bec457f18be8c1db1e29fb2dd8 100644 (file)
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -15,6 +15,7 @@ problems may have been fixed or changed somewhat since this was written.
 
  2. TLS
  2.1 IMAPS connection fails with Rustls error
+ 2.2 Access violation sending client cert with Schannel
  2.5 Client cert handling with Issuer DN differs between backends
  2.7 Client cert (MTLS) issues with Schannel
  2.11 Schannel TLS 1.2 handshake bug in old Windows versions
@@ -120,6 +121,14 @@ problems may have been fixed or changed somewhat since this was written.
 
  https://github.com/curl/curl/issues/10457
 
+2.2 Access violation sending client cert with Schannel
+
+ When using Schannel to do client certs, curl sets PKCS12_NO_PERSIST_KEY to
+ avoid leaking the private key into the filesystem. Unfortunately that flag
+ instead seems to trigger a crash.
+
+ See https://github.com/curl/curl/issues/17626
+
 2.5 Client cert handling with Issuer DN differs between backends
 
  When the specified client certificate does not match any of the