mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-18 14:04:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

schannel: Don't reset recv/send function pointers on renegotiation

Browse Source 
These function pointers will have been set when the initial TLS
handshake was completed. If they are unchanged, there is no need to set
them again. If they have been changed, as is the case with HTTP/2, we
don't want to override that change. That would result in the
http22_recv/send functions being completely bypassed.

Prior to this change a connection that uses Schannel with HTTP/2 would
fail on renegotiation with error "Received HTTP/0.9 when not allowed".

Fixes https://github.com/curl/curl/issues/9451
Closes https://github.com/curl/curl/pull/9756
This commit is contained in:
Joel Depooter 2022-10-17 22:56:18 -07:00 committed by Jay Satiro
parent 1c567f797b
commit 3f5a7975a5
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/vtls/schannel.c
View File

@ -1935,8 +1935,15 @@ schannel_connect_common(struct Curl_easy *data, struct connectdata *conn,
if(ssl_connect_done == connssl->connecting_state) {
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = schannel_recv;
conn->send[sockindex] = schannel_send;
if(!connssl->backend->recv_renegotiating) {
/* On renegotiation, we don't want to reset the existing recv/send
* function pointers. They will have been set after the initial TLS
* handshake was completed. If they were subsequently modified, as
* is the case with HTTP/2, we don't want to override that change.
*/
conn->recv[sockindex] = schannel_recv;
conn->send[sockindex] = schannel_send;
}
#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
/* When SSPI is used in combination with Schannel