Skip to content

schannel: not supported with UWP, drop redundant code#18116

Closed
vszakats wants to merge 13 commits intocurl:masterfrom
vszakats:uwp-schannel
Closed

schannel: not supported with UWP, drop redundant code#18116
vszakats wants to merge 13 commits intocurl:masterfrom
vszakats:uwp-schannel

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Jul 31, 2025
edited
Loading

Schannel is not supported by UWP. SSPI is also required by Schannel in
curl, and SSPI also isn't supported by UWP.

mingw-w64 is able to create such build regardless (my guess: due to API
parts not accurately marked as UWP-only), but the binary is unlikely
to work. With MSVC the failure happens at build-time.

Ref: https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initsecurityinterfacea#requirements
Ref: https://learn.microsoft.com/windows/win32/secauthn/initializesecuritycontext--schannel#requirements

Drop all UWP-related logic, including two related feature checks, that
can now be permanently enabled.

Also:

  • build: show fatal error for Schannel in UWP mode.
  • build: do not allow enabling SSPI in UWP mode.
  • drop undocumented option DISABLE_SCHANNEL_CLIENT_CERT. Added without
    mention in an unrelated commit. The PR text says to save size. On x64
    this is 0.3%, or 4KB out of 1.3MB. The tiny gain doesn't justify
    an extra build variant. Ref: 8beff43
  • move MPROTO_SCHANNEL_CERT_SHARE_KEY closer to its use.
  • replace commented block with #if 0.

Reviewed-by: Jay Satiro
Follow-up to cd0ec47 #17089

w/o ws https://github.com/curl/curl/pull/18116/files?w=1

  • autotools/cmake: add check for the UWP + SSPI + Schannel case.
  • temp refix for WinCE? or merge after dropping CE? (→ temp refix)

Tested OK also with VS2008 and WinCE:

@vszakats vszakats added TLS Windows Windows-specific labels Jul 31, 2025
@github-actions github-actions bot added the CI Continuous Integration label Jul 31, 2025
@vszakats vszakats changed the title schannel: not supported with UWP, drop codepaths schannel: not supported with UWP, drop redundant code Jul 31, 2025
@vszakats vszakats mentioned this pull request Jul 31, 2025
Closed
4 tasks
@jay
Copy link
Member

jay commented Jul 31, 2025

Schannel in curl requires SSPI, and SSPI isn't supported by UWP.
Meaning Schannel cannot be used with UWP.

I'm surprised by this. Indeed the doc for InitializeSecurityContext (Schannel) function says in requirements "desktop apps only".

jay
jay approved these changes Jul 31, 2025
View reviewed changes
@vszakats
Copy link
Member Author

vszakats commented Jul 31, 2025

Schannel in curl requires SSPI, and SSPI isn't supported by UWP.
Meaning Schannel cannot be used with UWP.

I'm surprised by this. Indeed the doc for InitializeSecurityContext (Schannel) function says in requirements "desktop apps only".

Same! Setting aside the false track with mingw-w64, I'm surprised
that UWP apps require a 3rd-party solution for TLS. Perhaps there
is a higher-level protocol facility UWP apps are meant to use.

It'd be nice to actually run the built UWP binaries in CI, to catch similar
issues and this.

@vszakats vszakats closed this in 923db35 Jul 31, 2025
@vszakats vszakats deleted the uwp-schannel branch July 31, 2025 18:06
@vszakats vszakats mentioned this pull request Jan 18, 2026
Closed
vszakats added a commit that referenced this pull request Jan 18, 2026
@vszakats
autotools: fix indentation in help output for two options
ba7e51a 
By using weird indentation in the autoconf source.

Fixing:
```
  --enable-sspi           Enable SSPI
    --disable-sspi          Disable SSPI
[...]
  --enable-websockets     Enable WebSockets support
    --disable-websockets    Disable WebSockets support
```

Follow-up to 923db35 #18116
Follow-up to d78e129 #14936

Closes #20342
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jay jay jay approved these changes

Assignees

No one assigned

Labels

CI Continuous Integration tidy-up TLS Windows Windows-specific

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vszakats @jay

Comments