Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
"schannel: failed to retrieve ALPN result" when running on Windows 7 #840
I did this
We built libcurl with Visual Studio 2015 on Windows Server 2012 R2 (based on Windows 8.1) and linked it statically to an app that downloads a file via HTTP/1.1. This app was then executed on Windows 7. It failed with this error when trying to download this file:
(see also #724, where ALPN support for schannel has been introduced)
Suspected root cause
The error occurs when libcurl calls QueryContextAttributes in schannel.c. This function has a minimum supported OS version of Windows 8.1 or Server 2012 R2. It is not guaranteed to work on older versions, like Windows 7 (where it fails when called with
I expected the following
The download should have succeeded.
7.49.1 (all is well with 7.48.0)
According to MS, ALPN has been introduced with Windows 8.1. It is not available in Windows 7, so it should be disabled on these systems.
We have not tried to do this depending on the Windows version. What we're trying right now is to set
Yeah, that sounds like a functional work-around. Another one would be to rebuild libcurl with a TLS backend that supports ALPN on win 7 as well, but if you can live without APLN I guess your approach is the easier one.
We should still get a fix for this done.
Confirm everything above. I've got a minimal test case running that shows the following result
where patched means adding the following in our application code:
all builds are done using MSVS 2015 on Windows Server 2012 R2.
Given we have a nice workaround now, the question is weather or not this compile time feature check is sufficient. This causes the default behavior that code compiled on Windows 8+ does not run on Windows 7 (and below).
It is not. There should be a runtime check in the schannel TLS code that disables ALPN if it is running on Windows < 8.1. I could have a shot at implementing this in the next few days, but I'm not sure that it will be today or tomorrow. @bagder Do you intend to release a bug fix version when this is done?