Change #243985
| Category | None |
| Changed by | Jay Satiro <raysatiro@yahoo.com> |
| Changed at | Wed 27 Aug 2025 08:10:05 |
| Repository | https://api.github.com/repos/curl/curl |
| Project | curl/curl |
| Branch | master |
| Revision | cd015c88198f6ebed326c0fd0a28c02b3494a618 |
Comments
schannel: fix renegotiation - Move the schannel_recv renegotiation code to function schannel_recv_renegotiate. - Save the state of a pending renegotiation. - Pre-empt schannel_recv and schannel_send to continue a pending renegotation. - Partially block during renegotiation if necessary. Prior to this change, since a1850ad7 (precedes 8.13.0), schannel_recv did not properly complete renegotiation before attempting to decrypt data. In some cases that could cause an error SEC_E_CONTEXT_EXPIRED. Most of the time though DecryptMessage would succeed by chance and return SEC_I_RENEGOTIATE which allowed the renegotiation to continue. Reported-by: stephannn@users.noreply.github.com Reported-by: Dustin L. Howett Fixes https://github.com/curl/curl/issues/18029 Closes https://github.com/curl/curl/pull/18125
Changed files
- lib/vtls/schannel.c
- lib/vtls/schannel_int.h