author | Curl Upstream <curl-library@cool.haxx.se> | 2017-06-14 06:08:56 (GMT) |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2017-06-14 14:46:35 (GMT) |
commit | 06d6d6c4aee149cd6560b919ef6935ef0867d921 (patch) | |
tree | d62adabf2b4b10030abf4a759b520e5edb6dd517 /lib/vtls/schannel.c | |
parent | fd7d521c9d70655618db8232d45e5aaf81700f91 (diff) | |
curl 2017-06-14 (54b636f1)
Code extracted from:
https://github.com/curl/curl.git
at commit 54b636f14546d3fde9f9c67c3b32701d78563161 (curl-7_54_1).
Diffstat (limited to 'lib/vtls/schannel.c')
-rw-r--r-- | lib/vtls/schannel.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index c9b5132..9460301 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -432,6 +432,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
   connssl->recv_unrecoverable_err = CURLE_OK;
   connssl->recv_sspi_close_notify = false;
   connssl->recv_connection_closed = false;
+  connssl->encdata_is_incomplete = false;
   /* continue to second handshake step */
   connssl->connecting_state = ssl_connect_2;
@@ -480,6 +481,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   /* buffer to store previously received and encrypted data */
   if(connssl->encdata_buffer == NULL) {
+    connssl->encdata_is_incomplete = false;
     connssl->encdata_offset = 0;
     connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
     connssl->encdata_buffer = malloc(connssl->encdata_length);
@@ -532,6 +534,8 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
       /* increase encrypted data buffer offset */
       connssl->encdata_offset += nread;
+      connssl->encdata_is_incomplete = false;
+
       infof(data, "schannel: encrypted data got %zd\n", nread);
     }
   infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
@@ -576,6 +580,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   /* check if the handshake was incomplete */
   if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+    connssl->encdata_is_incomplete = true;
     connssl->connecting_state = ssl_connect_2_reading;
     infof(data, "schannel: received incomplete message, need more data\n");
     return CURLE_OK;
@@ -625,7 +630,8 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   else
     failf(data, "schannel: next InitializeSecurityContext failed: %s",
           Curl_sspi_strerror(conn, sspi_status));
-  return CURLE_SSL_CONNECT_ERROR;
+  return sspi_status == SEC_E_UNTRUSTED_ROOT ?
+    CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CONNECT_ERROR;
   }
   /* check if there was additional remaining encrypted data */
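Review bot: In the `@@ -625,7` hunk the new `return sspi_status == SEC_E_UNTRUSTED_ROOT ? CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CONNECT_ERROR;` reports an untrusted chain as a bad CA file, which is the code callers associate with an unreadable or malformed CA bundle rather than with a peer whose certificate chain did not verify, so a caller that treats CACERT_BADFILE as a local configuration problem gets no hint that the remote end is the issue. If the schannel verification path elsewhere in this file already uses CURLE_PEER_FAILED_VERIFICATION for chain failures (that code is not in view), returning it here would keep the two consistent. The `failf` message just above the return is unchanged, so the log line still reads as a generic InitializeSecurityContext failure; a short comment on the return, such as `/* SEC_E_UNTRUSTED_ROOT: the peer chain did not verify; any other status is a generic handshake failure */`, would at least record why this status is singled out. schannel_connect_step2 continues past this hunk.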
@@ -1177,6 +1183,7 @@ schannel_recv(struct connectdata *conn, int sockindex,
     }
     else if(nread > 0) {
       connssl->encdata_offset += (size_t)nread;
+      connssl->encdata_is_incomplete = false;
       infof(data, "schannel: encrypted data got %zd\n", nread);
     }
   }
@@ -1313,6 +1320,7 @@ schannel_recv(struct connectdata *conn, int sockindex,
       }
     }
     else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+      connssl->encdata_is_incomplete = true;
       if(!*err)
         *err = CURLE_AGAIN;
       infof(data, "schannel: failed to decrypt data, need more data\n");
@@ -1414,8 +1422,8 @@ bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
   const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   if(connssl->use) /* SSL/TLS is in use */
-    return (connssl->encdata_offset > 0 ||
-            connssl->decdata_offset > 0) ? TRUE : FALSE;
+    return (connssl->decdata_offset > 0 ||
+            (connssl->encdata_offset > 0 && !connssl->encdata_is_incomplete));
   else
     return FALSE;
 }
@@ -1518,6 +1526,7 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
   Curl_safefree(connssl->encdata_buffer);
   connssl->encdata_length = 0;
   connssl->encdata_offset = 0;
+  connssl->encdata_is_incomplete = false;
 }
 /* free internal buffer for received decrypted data */
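Review bot: The rewritten return in Curl_schannel_data_pending (`@@ -1414,8` hunk) carries no comment explaining why buffered encrypted bytes stop counting as pending once `encdata_is_incomplete` is set; the reason is only visible in the `@@ -1313,6` hunk, where SEC_E_INCOMPLETE_MESSAGE sets the flag and sets `*err = CURLE_AGAIN`. Without that link a later reader may restore the old condition and bring back the re-read loop this change appears to stop. I would add above the return `/* a partial TLS record cannot be decrypted until more bytes arrive, so reporting it as pending would only send the caller back into recv to get CURLE_AGAIN */`. The flag is a new struct member declared outside this diff (the diffstat is limited to schannel.c), so this review cannot confirm it is zeroed wherever ssl_connect_data is allocated; the explicit resets in the `@@ -432,6` and `@@ -1518,6` hunks suggest the code does not rely on that.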