From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 22 Sep 2025 08:09:18 +0000 (+0200)
Subject: KNOWN_BUGS: Access violation sending client cert with SChannel
X-Git-Tag: rc-8_17_0-1~258
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=97e5a471e0d7a6ade6476c71801ae2a89961919b;p=thirdparty%2Fcurl.git

KNOWN_BUGS: Access violation sending client cert with SChannel

It seems we can select between crashing or leaking sensitive files
because Schannel is buggy.

Closes #17626
Closes #18679
---

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index 1eb5716f8b..3785d73aa4 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -15,6 +15,7 @@ problems may have been fixed or changed somewhat since this was written.
 
  2. TLS
  2.1 IMAPS connection fails with Rustls error
+ 2.2 Access violation sending client cert with Schannel
  2.5 Client cert handling with Issuer DN differs between backends
  2.7 Client cert (MTLS) issues with Schannel
  2.11 Schannel TLS 1.2 handshake bug in old Windows versions
@@ -120,6 +121,14 @@ problems may have been fixed or changed somewhat since this was written.
 
  https://github.com/curl/curl/issues/10457
 
+2.2 Access violation sending client cert with Schannel
+
+ When using Schannel to do client certs, curl sets PKCS12_NO_PERSIST_KEY to
+ avoid leaking the private key into the filesystem. Unfortunately that flag
+ instead seems to trigger a crash.
+
+ See https://github.com/curl/curl/issues/17626
+
 2.5 Client cert handling with Issuer DN differs between backends
 
  When the specified client certificate does not match any of the