Windows schannel client certificate path broken in first call to curl_easy_perform #3480

Closed
helgeklein opened this Issue Jan 17, 2019 · 4 comments

helgeklein commented Jan 17, 2019

Intro

We have used libcurl in our Windows application for HTTP REST APIs for a long time successfully. Now we are adding SSL client certificate authentication for a new REST API. While doing that, we encountered a bug where the certificate path set through CURLOPT_SSLCERT is corrupted in the first call to curl_easy_perform().

Details

The issue is with the function get_cert_location() in the file schannel.c. The path passed in is a pointer to the original certificate path (data->set.ssl.cert). While the path string is processed, it is null-terminated at the last backslash by overwriting said backslash with \0. That effectively shortens the path by one component. The resulting shortened path is not valid any more.

Result: the first call succeeds, every subsequent call returns with CURLE_SSL_CERTPROBLEM from get_cert_location().

More information

  • Path format: STORE\PATH\THUMBPRINT
  • Original (correct) path example: LocalMachine\MY\ac1a260ecfc022cd185a4c8551f0a63631123456
  • Example path after first call: LocalMachine\MY

Fix

To fix this, simply remove the following line:

schannel.c, get_cert_location(), line 395: *sep = 0;

The above line is responsible for shortening the path as described above.

Workaround

To work around this issue, set CURLOPT_SSLCERT for every call to curl_easy_perform().

Expected behavior

It should only be necessary to set CURLOPT_SSLCERT once per curl handle.

curl/libcurl version

libcurl 7.63.0 on Windows 10 1803

bagder commented Jan 17, 2019

Won't simply removing it cause any problems since that then leaves the cert_store_path including the thumbprint?

/cc @ArchangelSDY

ArchangelSDY commented Jan 17, 2019

Yes, looks incorrect. cert_store_path should not include thumbprint. Better to do a copy here.
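
Added example, not part of the thread and not curl's code: a stand-alone C sketch of the pattern discussed above, with the in-place split (which cuts the stored STORE\PATH\THUMBPRINT string at its last backslash) next to a copy-based split that leaves the stored string intact. The function names, the stored_path buffer and the 40-character thumbprint length check are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define THUMB_LEN 40 /* assumption: SHA-1 thumbprint as 40 hex digits */

/* Constructed stand-in for the option value kept on the handle. */
static char stored_path[] =
  "LocalMachine\\MY\\ac1a260ecfc022cd185a4c8551f0a63631123456";

/* Pattern from the issue: cut the caller's string at the last backslash. */
static const char *split_in_place(char *path)
{
  char *sep = strrchr(path, '\\');
  if(!sep)
    return NULL;
  *sep = 0; /* side effect: the stored value loses its last component */
  return sep + 1;
}

/* Copy variant: input is const, the store path goes to the caller's buffer. */
static const char *split_with_copy(const char *path, char *store, size_t len)
{
  const char *sep = strrchr(path, '\\');
  if(!sep || (size_t)(sep - path) >= len)
    return NULL;
  memcpy(store, path, (size_t)(sep - path));
  store[sep - path] = 0;
  return sep + 1;
}

/* Number of successful parses over `calls` reuses of the same stored path. */
static int count_ok(int calls, int use_copy)
{
  char path[sizeof(stored_path)], store[sizeof(stored_path)];
  int i, ok = 0;
  memcpy(path, stored_path, sizeof(path)); /* fresh "handle" for each run */
  for(i = 0; i < calls; i++) {
    const char *thumb = use_copy ? split_with_copy(path, store, sizeof(store))
                                 : split_in_place(path);
    if(thumb && strlen(thumb) == THUMB_LEN)
      ok++;
  }
  return ok;
}

int main(void)
{
  printf("in place %d/3, copy %d/3\n", count_ok(3, 0), count_ok(3, 1));
  return 0;
}
```

With the in-place split only the first of three parses succeeds, matching the reported behavior; with the copy all three succeed.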

bagder commented Jan 21, 2019

@helgeklein, can you verify that #3487 fixes the issue for you?

helgeklein commented Jan 21, 2019

@bagder I just did and it does fix the issue. Thanks for the great work and the super-quick fix!

@helgeklein helgeklein closed this Jan 21, 2019

bagder added a commit that referenced this issue Jan 21, 2019
