I had to comment out few lines that check Windows NT version number in
order to get curl mutual auth to work with 90m/CAC cards (Windows
certificates).
Without this change, the curl would close TLS connection after sending only
partial data response to all my requests to the IIS.
I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
VERSION_EQUAL) is the culprit.
I run curl lib on Windows 10 Professional.
This is the change I made to curl 7.81.0 sources:
diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
index 0a8e60610d..bd75256c21 100644
--- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c
+++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c
@@ -2052,10 +2052,11 @@ schannel_recv(struct Curl_easy *data, int sockindex,
*/
if(len && !backend->decdata_offset && backend->recv_connection_closed &&
!backend->recv_sspi_close_notify) {
- bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
- VERSION_EQUAL);
-
- if(isWin2k && sspi_status == SEC_E_OK)
+ //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT,
+ // VERSION_EQUAL);
+ //
+ //if(isWin2k && sspi_status == SEC_E_OK)
+ if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */
backend->recv_sspi_close_notify = true;
else {
*err = CURLE_RECV_ERROR;
Tuomas Kaikkonen
Principal Software Engineer, WAVE Core, Motorola Solutions
3131 Elliott Ave, Suite 200, Seattle, WA 98121
phone: (425) 919-8973
--
*For more information on how and why we collect your personal
information, please visit our Privacy Policy
<https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
