cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Windows SSPI Schannel implementation ready

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Tue, 12 Jun 2012 23:56:40 +0200

Hi Steve,

2012/6/12 Steve Holme <steve_holme_at_hotmail.com>:
> I was tucked up in bed keeping warm as I'm really not feeling too good, I
> currently have a temperature yet am cold and am feeling sick at the same
> time, but I saw the email come in on my phone so I thought I should respond
> properly at the keyboard whilst things are still fresh in everyone's mind.

Get well soon, Steve. Thanks for still being around this time.

> Since then we have asked for feedback about USE_WINDOWS_SSPI vs
> USE_WINDOWS_SSO as well as the version information but only received limited
> responses. SSL using Windows SSPI Schannel was something that Daniel wanted
> to see in the upcoming 7.27.0 release. Since then I have, possibly, wasted
> two Sunday's assisting Marc in trying to sort out the version information
> sorted as I was under the impression that this is something that needs to be
> present in ssl_version, and subsequently curl's version string, in help get
> the schannel additions into this release.
>

Thanks for your help here. I was also under the impression that this
was something that should be done before the merge at that time.

> No not at all - and I think the fact that we have used the version
> information from secur32.dll is a bit of a hack to get a version number as I
> would prefer to call a function in SSPI to get the version number. Now
> please don't think I'm shifting the blame here, I'm not, but this was how
> Marc had written Curl_version_info() - I have tried to take that, clean it
> up a little and make it more general as to display the fact the Windows SSPI
> is in use as a provider of security features like as I have already said
> GNUTLS and other security providers are displayed by curl.

It was me implementing Curl_schannel_version using version.lib after
Gisle suggested the change, which sounded very reasonable to me at
this point, because wVersion in SecPkgInfo was always 1.
After I created the first version of this new approach, Steve did some
cleanup and general refactoring.

> Given the hack and after some digging around in system32... sspicli.dll
> would be a better library to use for the version information as like you say
> Windows SSPI might pull in other libraries.

I am not sure about this, since MSDN lists secur32.lib / secur32.dll
as the host of the Schannel functions.
For example: http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx

Generally speaking I am totally fine with whatever you people decide,
as long as it is possible for the developer and user to tell if SSPI
and/or SChannel is available/used. I don't think the version number is
important, but the fact that it is available is.

Best regards,
Marc
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-12