Windows schannel client certificate path broken in first call to curl_easy_perform #3480
Comments
|
Won't simply removing it cause any problems since that then leaves the /cc @ArchangelSDY |
|
Yes, looks incorrect. |
ArchangelSDY
added a commit
to ArchangelSDY/curl
that referenced
this issue
Jan 20, 2019
ArchangelSDY
added a commit
to ArchangelSDY/curl
that referenced
this issue
Jan 20, 2019
|
@helgeklein, can you verify that #3487 fixes the issue for you? |
|
@bagder I just did and it does fix the issue. Thanks for the great work and the super-quick fix! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Intro
We have used libcurl in our Windows application for HTTP REST APIs for a long time successfully. Now we are adding SSL client certificate authentication for a new REST API. While doing that, we encountered a bug where the certificate path set through
CURLOPT_SSLCERTis corrupted in the first call tocurl_easy_perform().Details
The issue is with the function
get_cert_location()in the fileschannel.c. The path passed in is a pointer to the original certificate path (data->set.ssl.cert). While the path string is processed, it is null-terminated at the last backslash by overwriting said backslash with \0. That effectively shortens the path by one component. The resulting shortened path is not valid any more.Result: the first call succeeds, every subsequent call returns with
CURLE_SSL_CERTPROBLEMfromget_cert_location().More information
Fix
To fix this, simply remove the following line:
schannel.c, get_cert_location(), line 395:
*sep = 0;The above line is responsible for shortening the path as described above.
Workaround
To work around this issue, set
CURLOPT_SSLCERTfor every call tocurl_easy_perform().Expected behavior
It should only be necessary to set
CURLOPT_SSLCERTonce per curl handle.curl/libcurl version
libcurl 7.63.0 on Windows 10 1803
The text was updated successfully, but these errors were encountered: