
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 111/173: schannel: Remove incorrect SNI disabled message
Date: Fri, 24 Feb 2017 14:02:13 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.

commit 18495ecaccf936a9d7d6c96c08c644ceda83bd00
Author: JDepooter <address@hidden>
AuthorDate: Thu Feb 2 13:40:16 2017 -0800

    schannel: Remove incorrect SNI disabled message
    
    - Remove the SNI disabled when host verification disabled message
      since that is incorrect.
    
    - Show a message for legacy versions of Windows <= XP that connections
      may fail since those versions of WinSSL lack SNI, algorithms, etc.
    
    Bug: https://github.com/curl/curl/pull/1240
---
 lib/vtls/schannel.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ca7545662..bd9239956 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -130,6 +130,14 @@ schannel_connect_step1(struct connectdata *conn, int 
sockindex)
   infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
         hostname, conn->remote_port);
 
+  if(Curl_verify_windows_version(5, 1, PLATFORM_WINNT,
+                                 VERSION_LESS_THAN_EQUAL)) {
+     /* SChannel in Windows XP (OS version 5.1) uses legacy handshakes and
+        algorithms that may not be supported by all servers. */
+     infof(data, "schannel: WinSSL version is old and may not be able to "
+           "connect to some servers due to lack of SNI, algorithms, etc.\n");
+  }
+
 #ifdef HAS_ALPN
   /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above.
      Also it doesn't seem to be supported for Wine, see curl bug #983. */
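
Review bot: The comment in the added block names only "Windows XP (OS version 5.1)", but the condition passes VERSION_LESS_THAN_EQUAL, so every version at or below 5.1 takes this branch; wording it as "Windows XP (OS version 5.1) and earlier" would match the check and the "<= XP" in the commit message. The body of the new if is also indented five spaces (the comment and the infof call) while the if itself sits at two, so it does not follow the two-space step used by the surrounding code; four spaces would line it up. The infof text ends in "algorithms, etc.", which gives a user reading verbose output little to act on; naming the concrete gaps the commit has in mind would make the hint more useful.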
@@ -197,7 +205,7 @@ schannel_connect_step1(struct connectdata *conn, int 
sockindex)
       schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
       infof(data, "schannel: verifyhost setting prevents Schannel from "
             "comparing the supplied target name with the subject "
-            "names in server certificates. Also disables SNI.\n");
+            "names in server certificates.\n");
     }
 
     switch(conn->ssl_config.version) {
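
Review bot: Missing documentation at the SCH_CRED_NO_SERVERNAME_CHECK line: the commit message says the "Also disables SNI" claim was incorrect, but after this hunk nothing in the code records that fact, only the shortened infof string. A one-line comment next to `schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;` stating that the flag only skips the comparison of the target name against the certificate subject names would keep the wrong statement from being reintroduced later.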

-- 
To stop receiving notification emails like this one, please contact
address@hidden


