author | Jay Satiro <raysatiro@yahoo.com> | 2017-04-06 03:27:28 -0400 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2017-04-22 22:39:40 -0400 |
commit | 6b39f9c87e48f17533b139b2ddb829aa21227c3d | |
tree | 6d7d22d5412d0b9bdad130f07b1b3e0b5b31fbea /lib/urldata.h | |
parent | be299a4dba0362940062f7f07c76862ecf226522 | |

schannel: Don't treat encrypted partial record as pending data

- Track when the cached encrypted data contains only a partial record
  that can't be decrypted without more data (SEC_E_INCOMPLETE_MESSAGE).

- Change Curl_schannel_data_pending to return false in such a case.

Other SSL libraries have pending data functions that behave similarly.

Ref: https://github.com/curl/curl/pull/1387
Closes https://github.com/curl/curl/pull/1392

Diffstat (limited to 'lib/urldata.h')
-rw-r--r-- | lib/urldata.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/urldata.h b/lib/urldata.h index 34e18ecde..d4a4a2306 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -333,6 +333,11 @@ struct ssl_connect_data { size_t encdata_length, decdata_length; size_t encdata_offset, decdata_offset; unsigned char *encdata_buffer, *decdata_buffer; + /* encdata_is_incomplete: if encdata contains only a partial record that + can't be decrypted without another Curl_read_plain (that is, status is + SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes + more bytes into encdata then set this back to false. */ + bool encdata_is_incomplete; unsigned long req_flags, ret_flags; CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */ bool recv_sspi_close_notify; /* true if connection closed by close_notify */ |
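
Review bot: The comment on encdata_is_incomplete in struct ssl_connect_data says when the flag is set true and when it goes back to false, but not what it starts as or what must happen to it when encdata_buffer is released or encdata_offset is reset. Because the commit message has Curl_schannel_data_pending return false while the flag is set, a stale true left over from an earlier partial record would make the pending-data check report nothing pending for that connection. Suggest extending the comment to state that the flag is initialized to false wherever encdata_buffer is allocated and cleared whenever the buffer is emptied. Minor: the new bool sits between the buffer pointers and req_flags, while recv_sspi_close_notify is two lines below; placing the two bools together keeps the struct layout tidier, and the comment's second sentence ("after Curl_read_plain writes ...") should start with a capital letter.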