author | Joel Depooter <joel.depooter@safe.com> | 2021-05-11 19:45:59 -0700 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2021-05-13 03:07:21 -0400 |
commit | ba3452cafc9920d133cb8f38ade2377be21acf0d (patch) | |
tree | d149bd00c89d6fed7c2609e13cb24346e2742f6d /lib | |
parent | 56cf2de5ac217296778c8fc0d037c922e63ff38e (diff) | |
schannel: Ensure the security context request flags are always set
As of commit 54e7475, these flags would only be set when using a new
credential handle. When re-using an existing credential handle, the
flags would not be set.
Closes https://github.com/curl/curl/pull/7051
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/schannel.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index d3fb642d1..8c25ac5dd 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -562,15 +562,9 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, "names in server certificates.\n")); } - /* security request flags */ - BACKEND->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | - ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | - ISC_REQ_STREAM; - if(!SSL_SET_OPTION(auto_client_cert)) { schannel_cred.dwFlags &= ~SCH_CRED_USE_DEFAULT_CREDS; schannel_cred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS; - BACKEND->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; infof(data, "schannel: disabled automatic use of client certificate\n"); } else @@ -909,6 +903,15 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, &outbuf, 1); + /* security request flags */ + BACKEND->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | + ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | + ISC_REQ_STREAM; + + if(!SSL_SET_OPTION(auto_client_cert)) { + BACKEND->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; + } + /* allocate memory for the security context handle */ BACKEND->ctxt = (struct Curl_schannel_ctxt *) calloc(1, sizeof(struct Curl_schannel_ctxt)); |
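Review bot: The `if(!SSL_SET_OPTION(auto_client_cert))` added in the second hunk now derives `ISC_REQ_USE_SUPPLIED_CREDS` from the current transfer's option on every path, while the matching `SCH_CRED_NO_DEFAULT_CREDS` left in the first hunk is, going by the commit message, still applied only when a new credential handle is built. On a re-used handle the request flag and the credential flags can therefore disagree if the cached handle was created under a different `auto_client_cert` value; whether that can happen depends on how the cached handle is looked up, which is outside this diff and worth confirming, since it decides whether a default client certificate may be offered. I would record the coupling next to the new block, e.g. `/* req_flags are per-connection: set them for new and re-used credential handles alike; SCH_CRED_NO_DEFAULT_CREDS only takes effect when the handle is created */`. schannel_connect_step1 begins and ends outside both hunks.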