git.ipfire.org Git - thirdparty/curl.git/commit
schannel: fix renegotiation
author Jay Satiro <raysatiro@yahoo.com>
Fri, 1 Aug 2025 07:57:12 +0000 (03:57 -0400)
committer Jay Satiro <raysatiro@yahoo.com>
Wed, 27 Aug 2025 06:10:05 +0000 (02:10 -0400)
commit cd015c88198f6ebed326c0fd0a28c02b3494a618
tree 24f6388eda9008aa3046fd9576319dd713e6f3a7
parent b9be9f9466665f259696bc8903a239ed8fd793a2

- Move the schannel_recv renegotiation code to function
  schannel_recv_renegotiate.

- Save the state of a pending renegotiation.

- Pre-empt schannel_recv and schannel_send to continue a pending
  renegotiation.

- Partially block during renegotiation if necessary.

Prior to this change, since a1850ad7 (precedes 8.13.0), schannel_recv
did not properly complete renegotiation before attempting to decrypt
data. In some cases that could cause an error SEC_E_CONTEXT_EXPIRED.
Most of the time though DecryptMessage would succeed by chance and
return SEC_I_RENEGOTIATE which allowed the renegotiation to continue.

Reported-by: stephannn@users.noreply.github.com
Reported-by: Dustin L. Howett
Fixes https://github.com/curl/curl/issues/18029
Closes https://github.com/curl/curl/pull/18125
lib/vtls/schannel.c
lib/vtls/schannel_int.h