From: Jay Satiro Date: Wed, 1 Nov 2023 07:18:53 +0000 (-0400) Subject: curl_sspi: support more revocation error names in error messages X-Git-Tag: curl-8_5_0~148 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e828fe503ed1966252d68cedcdb7d92adb7807d;p=thirdparty%2Fcurl.git curl_sspi: support more revocation error names in error messages - Add these revocation errors to sspi error list: CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK, CRYPT_E_REVOCATION_OFFLINE and CRYPT_E_NOT_IN_REVOCATION_DATABASE. Prior to this change those error codes were not matched to their macro name and instead shown as "unknown error". Before: schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline. After: schannel: next InitializeSecurityContext failed: CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline. Bug: https://github.com/curl/curl/issues/12239 Reported-by: Niracler Li Closes https://github.com/curl/curl/pull/12241 --- diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h index 5af7c2483a..b26c391569 100644 --- a/lib/curl_sspi.h +++ b/lib/curl_sspi.h @@ -88,6 +88,22 @@ extern PSecurityFunctionTable s_pSecFn; # define CRYPT_E_REVOKED ((HRESULT)0x80092010L) #endif +#ifndef CRYPT_E_NO_REVOCATION_DLL +# define CRYPT_E_NO_REVOCATION_DLL ((HRESULT)0x80092011L) +#endif + +#ifndef CRYPT_E_NO_REVOCATION_CHECK +# define CRYPT_E_NO_REVOCATION_CHECK ((HRESULT)0x80092012L) +#endif + +#ifndef CRYPT_E_REVOCATION_OFFLINE +# define CRYPT_E_REVOCATION_OFFLINE ((HRESULT)0x80092013L) +#endif + +#ifndef CRYPT_E_NOT_IN_REVOCATION_DATABASE +# define CRYPT_E_NOT_IN_REVOCATION_DATABASE ((HRESULT)0x80092014L) +#endif + #ifdef UNICODE # define SECFLAG_WINNT_AUTH_IDENTITY \ (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE diff --git a/lib/strerror.c b/lib/strerror.c index be41914140..df6280bdd0 100644 --- a/lib/strerror.c +++ b/lib/strerror.c @@ -986,6 +986,10 @@ const char *Curl_sspi_strerror(int err, char *buf, size_t buflen) break; #define SEC2TXT(sec) case sec: txt = #sec; break SEC2TXT(CRYPT_E_REVOKED); + SEC2TXT(CRYPT_E_NO_REVOCATION_DLL); + SEC2TXT(CRYPT_E_NO_REVOCATION_CHECK); + SEC2TXT(CRYPT_E_REVOCATION_OFFLINE); + SEC2TXT(CRYPT_E_NOT_IN_REVOCATION_DATABASE); SEC2TXT(SEC_E_ALGORITHM_MISMATCH); SEC2TXT(SEC_E_BAD_BINDINGS); SEC2TXT(SEC_E_BAD_PKGID);