From 7e828fe503ed1966252d68cedcdb7d92adb7807d Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Wed, 1 Nov 2023 03:18:53 -0400
Subject: [PATCH] curl_sspi: support more revocation error names in error
 messages

- Add these revocation errors to sspi error list:
  CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK,
  CRYPT_E_REVOCATION_OFFLINE and CRYPT_E_NOT_IN_REVOCATION_DATABASE.

Prior to this change those error codes were not matched to their macro
name and instead shown as "unknown error".

Before:

schannel: next InitializeSecurityContext failed:
Unknown error (0x80092013) - The revocation function was
unable to check revocation because the revocation server was offline.

After:

schannel: next InitializeSecurityContext failed:
CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was
unable to check revocation because the revocation server was offline.

Bug: https://github.com/curl/curl/issues/12239
Reported-by: Niracler Li

Closes https://github.com/curl/curl/pull/12241
---
 lib/curl_sspi.h | 16 ++++++++++++++++
 lib/strerror.c  |  4 ++++
 2 files changed, 20 insertions(+)

diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h
index 5af7c2483a..b26c391569 100644
--- a/lib/curl_sspi.h
+++ b/lib/curl_sspi.h
@@ -88,6 +88,22 @@ extern PSecurityFunctionTable s_pSecFn;
 # define CRYPT_E_REVOKED                      ((HRESULT)0x80092010L)
 #endif
 
+#ifndef CRYPT_E_NO_REVOCATION_DLL
+# define CRYPT_E_NO_REVOCATION_DLL            ((HRESULT)0x80092011L)
+#endif
+
+#ifndef CRYPT_E_NO_REVOCATION_CHECK
+# define CRYPT_E_NO_REVOCATION_CHECK          ((HRESULT)0x80092012L)
+#endif
+
+#ifndef CRYPT_E_REVOCATION_OFFLINE
+# define CRYPT_E_REVOCATION_OFFLINE           ((HRESULT)0x80092013L)
+#endif
+
+#ifndef CRYPT_E_NOT_IN_REVOCATION_DATABASE
+# define CRYPT_E_NOT_IN_REVOCATION_DATABASE   ((HRESULT)0x80092014L)
+#endif
+
 #ifdef UNICODE
 #  define SECFLAG_WINNT_AUTH_IDENTITY \
      (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
diff --git a/lib/strerror.c b/lib/strerror.c
index be41914140..df6280bdd0 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -986,6 +986,10 @@ const char *Curl_sspi_strerror(int err, char *buf, size_t buflen)
       break;
 #define SEC2TXT(sec) case sec: txt = #sec; break
     SEC2TXT(CRYPT_E_REVOKED);
+    SEC2TXT(CRYPT_E_NO_REVOCATION_DLL);
+    SEC2TXT(CRYPT_E_NO_REVOCATION_CHECK);
+    SEC2TXT(CRYPT_E_REVOCATION_OFFLINE);
+    SEC2TXT(CRYPT_E_NOT_IN_REVOCATION_DATABASE);
     SEC2TXT(SEC_E_ALGORITHM_MISMATCH);
     SEC2TXT(SEC_E_BAD_BINDINGS);
     SEC2TXT(SEC_E_BAD_PKGID);
-- 
2.47.3