I had to comment out few lines that check Windows NT version number in
order to get curl mutual auth to work with 90m/CAC cards (Windows
certificates).

Without this change, the curl would close TLS connection after sending only
partial data response to all my requests to the IIS.
I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
VERSION_EQUAL) is the culprit.
I run curl lib on Windows 10 Professional.

This is the change I made to curl 7.81.0 sources:

diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
index 0a8e60610d..bd75256c21 100644
--- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
+++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
@@ -2052,10 +2052,11 @@ schannel_recv(struct Curl_easy *data, int sockindex,
   */
   if(len && !backend->decdata_offset && backend->recv_connection_closed &&
      !backend->recv_sspi_close_notify) {
-    bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
-                                                VERSION_EQUAL);
-
-    if(isWin2k && sspi_status == SEC_E_OK)
+    //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
+    //                                            VERSION_EQUAL);
+    //
+    //if(isWin2k && sspi_status == SEC_E_OK)
+    if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
       backend->recv_sspi_close_notify = true;
     else {
       *err = CURLE_RECV_ERROR;

Tuomas Kaikkonen
Principal Software Engineer, WAVE Core, Motorola Solutions
3131 Elliott Ave, Suite 200, Seattle, WA 98121
phone: (425) 919-8973

-- 


*For more information on how and why we collect your personal 
information, please visit our Privacy Policy 
<https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to