Yang, Marc, et. All, >> I am worried that the flags change in your use cases. And I really don't >> like the >> idea of ignoring or just warning about non-matching flags. >> ISC_RET_CONFIDENTIALITY, ISC_RET_REPLAY_DETECT and ISC_RET_SEQUENCE_DETECT >> are pretty important to make sure that the SSL connection is actually >> "secure". Why >> would you want to communicate through an SSL connection that is actually not >> secure? There should be some other way to fix this.
>> I am pretty busy with final exams during the following weeks, so I >> would like to ask whether you or someone else could spend a little >> more research on this issue before simple ignoring the source of the >> actual problem. Thanks in advance, I would really appreciate it! >No intention to ignore it on this side. Actually I'm raising the issue >publicly, and listening to your >recommendation of not disabling the check. I loaded the URL Yang mentioned the problem with - https://www.digicert.com/ - without issues on WinXP and Win7. I don't have a Win2k machine to duplicate the problem on. MSDN says InitializeSecurityContext() with the flags we care about here are supported from Win2k onwards. http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924(v=vs.85).aspx One possibility is to disable the checks only on Win2k (something like #if WINVER <= 0x400). I'd recommend not making any change though until we learn more. I tried a quick search of the web but did not find anything. Mark ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
