[GNUnet-SVN] [gnurl] 111/173: schannel: Remove incorrect SNI disabled me
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 111/173: schannel: Remove incorrect SNI disabled message
Date: Fri, 24 Feb 2017 14:02:13 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit 18495ecaccf936a9d7d6c96c08c644ceda83bd00
Author: JDepooter <address@hidden>
AuthorDate: Thu Feb 2 13:40:16 2017 -0800
schannel: Remove incorrect SNI disabled message
- Remove the SNI disabled when host verification disabled message
since that is incorrect.
- Show a message for legacy versions of Windows <= XP that connections
may fail since those versions of WinSSL lack SNI, algorithms, etc.
Bug: https://github.com/curl/curl/pull/1240
---
lib/vtls/schannel.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ca7545662..bd9239956 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -130,6 +130,14 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
hostname, conn->remote_port);
+ if(Curl_verify_windows_version(5, 1, PLATFORM_WINNT,
+ VERSION_LESS_THAN_EQUAL)) {
+ /* SChannel in Windows XP (OS version 5.1) uses legacy handshakes and
+ algorithms that may not be supported by all servers. */
+ infof(data, "schannel: WinSSL version is old and may not be able to "
+ "connect to some servers due to lack of SNI, algorithms, etc.\n");
+ }
+
#ifdef HAS_ALPN
/* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above.
Also it doesn't seem to be supported for Wine, see curl bug #983. */
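Review bot: The new `if` tests `VERSION_LESS_THAN_EQUAL` against 5.1, but the comment inside it speaks only of "Windows XP (OS version 5.1)", so the code and its comment disagree about which systems are meant. Word the comment as "Windows XP and earlier" to match the commit message's "<= XP", and confirm whether version 5.2 systems, which this check skips, need the same warning. The message text is also vague ("algorithms, etc.") and goes out through `infof`, so it is only visible with verbose output. Naming the missing features would make it more useful to someone diagnosing a failed handshake.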
@@ -197,7 +205,7 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
infof(data, "schannel: verifyhost setting prevents Schannel from "
"comparing the supplied target name with the subject "
- "names in server certificates. Also disables SNI.\n");
+ "names in server certificates.\n");
}
switch(conn->ssl_config.version) {
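Review bot: With "Also disables SNI." dropped from the `infof` text, nothing beside `SCH_CRED_NO_SERVERNAME_CHECK` records that the flag leaves SNI alone, which is the misunderstanding the commit message says it is correcting. A one-line comment above the flag assignment would keep the claim from creeping back in. The remaining message could also state outright that the server certificate's name is not being verified, since that is the security-relevant effect of this branch.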