I had to comment out few lines that check Windows NT version number in order to get curl mutual auth to work with 90m/CAC cards (Windows certificates).
Without this change, the curl would close TLS connection after sending only partial data response to all my requests to the IIS. I suspect the curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, VERSION_EQUAL) is the culprit. I run curl lib on Windows 10 Professional. This is the change I made to curl 7.81.0 sources: diff --git a/3rdparty/curl/7.81.0/lib/vtls/schannel.c b/3rdparty/curl/7.81.0/lib/vtls/schannel.c index 0a8e60610d..bd75256c21 100644 --- a/3rdparty/curl/7.81.0/lib/vtls/schannel.c +++ b/3rdparty/curl/7.81.0/lib/vtls/schannel.c @@ -2052,10 +2052,11 @@ schannel_recv(struct Curl_easy *data, int sockindex, */ if(len && !backend->decdata_offset && backend->recv_connection_closed && !backend->recv_sspi_close_notify) { - bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, - VERSION_EQUAL); - - if(isWin2k && sspi_status == SEC_E_OK) + //bool isWin2k = curlx_verify_windows_version(5, 0, 0, PLATFORM_WINNT, + // VERSION_EQUAL); + // + //if(isWin2k && sspi_status == SEC_E_OK) + if (sspi_status == SEC_E_OK) /* TPS TKKZZZ */ backend->recv_sspi_close_notify = true; else { *err = CURLE_RECV_ERROR; Tuomas Kaikkonen Principal Software Engineer, WAVE Core, Motorola Solutions 3131 Elliott Ave, Suite 200, Seattle, WA 98121 phone: (425) 919-8973 -- *For more information on how and why we collect your personal information, please visit our Privacy Policy <https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html