curl-curl/lib/vtls
Jay Satiro cd015c8819 schannel: fix renegotiation
- Move the schannel_recv renegotiation code to function
  schannel_recv_renegotiate.

- Save the state of a pending renegotiation.

- Pre-empt schannel_recv and schannel_send to continue a pending
  renegotiation.

- Partially block during renegotiation if necessary.

Prior to this change, since a1850ad7 (precedes 8.13.0), schannel_recv
did not properly complete renegotiation before attempting to decrypt
data. In some cases that could cause an error SEC_E_CONTEXT_EXPIRED.
Most of the time though DecryptMessage would succeed by chance and
return SEC_I_RENEGOTIATE which allowed the renegotiation to continue.

Reported-by: stephannn@users.noreply.github.com
Reported-by: Dustin L. Howett

Fixes https://github.com/curl/curl/issues/18029
Closes https://github.com/curl/curl/pull/18125
2025-08-27 02:10:05 -04:00
..
.checksrc checksrc: reduce exceptions, apply again to curlx 2025-06-27 17:33:35 +02:00
cipher_suite.c tidy-up: prefer ifdef/ifndef for single checks 2025-07-27 22:35:17 +02:00
cipher_suite.h TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00
gtls.c gnutls: fix building with older supported GnuTLS versions 2025-08-21 18:04:25 +02:00
gtls.h http/3: report handshake with version and cipher as for TCP connections 2025-07-14 14:08:32 +02:00
hostcheck.c tidy-up: more whitespace/indent, comments 2025-07-25 11:47:51 +02:00
hostcheck.h openssl: some small cleanups 2025-07-18 00:40:26 +02:00
keylog.c urlapi: use uppercase hex encoding 2025-06-25 11:44:13 +02:00
keylog.h spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
mbedtls_threadlock.c lib: include files using known path 2025-04-08 17:00:00 +02:00
mbedtls_threadlock.h lib: include files using known path 2025-04-08 17:00:00 +02:00
mbedtls.c spelling: file system 2025-08-22 15:53:41 +02:00
mbedtls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
openssl.c openssl: sync an AWS-LC guard with BoringSSL 2025-08-23 22:57:30 +02:00
openssl.h openssl: enable HAVE_KEYLOG_CALLBACK for AWS-LC 2025-08-22 20:36:10 +02:00
rustls.c tls: CURLINFO_TLS_SSL_PTR testing 2025-08-01 09:37:36 +02:00
rustls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
schannel_int.h schannel: fix renegotiation 2025-08-27 02:10:05 -04:00
schannel_verify.c windows: document toolchain support for CERT_NAME_SEARCH_ALL_NAMES_FLAG 2025-07-31 20:43:21 +02:00
schannel.c schannel: fix renegotiation 2025-08-27 02:10:05 -04:00
schannel.h openssl: BoringSSL / AWS-LC tidy-ups 2025-08-24 00:30:06 +02:00
vtls_int.h lib: replace getsock() logic with pollsets 2025-08-04 23:43:13 +02:00
vtls_scache.c tidy-up: whitespace 2025-07-11 13:32:54 +02:00
vtls_scache.h lib: replace scache no-op macros with #ifdef 2025-06-27 17:33:34 +02:00
vtls_spack.c build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
vtls_spack.h build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
vtls.c vtls: set seen http version on successful ALPN 2025-08-05 16:01:39 +02:00
vtls.h tidy-up: whitespace 2025-07-11 13:32:54 +02:00
wolfssl.c wolfssl: simplify Curl_wssl_ctx_init 2025-08-27 08:02:24 +02:00
wolfssl.h GHA/checksrc: expand spellcheck, fix issues found 2025-07-21 16:09:01 +02:00
x509asn1.c misc: fix typos 2025-07-12 08:59:44 +02:00
x509asn1.h TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00