Fix for CONC-180

In case handshake ended with Errorcode SEC_E_INTERNAL_ERROR we check LastErrorCode (if it was set) and return system errormessage. For timeout during SSL handshake we return the following error message: ERROR 2026 (HY000): SSL connection error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
mariadb-corporation · May 15, 2016 · 07877e6 · 07877e6
1 parent 9d51d5e
commit 07877e6
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/libmariadb/secure/ma_schannel.c b/libmariadb/secure/ma_schannel.c
@@ -26,6 +26,7 @@
 #define MAX_SSL_ERR_LEN 100
 
 #define SCHANNEL_PAYLOAD(A) (A).cbMaximumMessage - (A).cbHeader - (A).cbTrailer
+void ma_schannel_set_win_error(MARIADB_PVIO *pvio);
 
 /* {{{ void ma_schannel_set_sec_error */
 void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo)
@@ -70,6 +71,12 @@ void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo)
     break;
   case SEC_E_OK:
     break;
+  case SEC_E_INTERNAL_ERROR:
+    if (GetLastError())
+      ma_schannel_set_win_error(pvio);
+    else
+      pvio->set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "The Local Security Authority cannot be contacted");
+    break;
   default:
     __debugbreak();
     pvio->set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "Unknown SSL error (0x%x)", ErrorNo);
@@ -511,7 +518,6 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
         OutBuffers.pvBuffer = NULL;
       }
     }
-
     /* check if we need to read more data */
     switch (rc) {
     case SEC_E_INCOMPLETE_MESSAGE:
@@ -548,7 +554,6 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
     default:
       if (FAILED(rc))
       {
-        ma_schannel_set_sec_error(pvio, rc);
         goto loopend;
       }
       break;
@@ -563,8 +568,11 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
     cbIoBuffer = 0;
   }
 loopend:
-  if (FAILED(rc)) 
+  if (FAILED(rc))
+  {
+    ma_schannel_set_sec_error(pvio, rc);
     DeleteSecurityContext(&sctx->ctxt);
+  }
   LocalFree(IoBuffer);
 
   return rc;