From 07877e61cf3c939f8363113454ff88173489d750 Mon Sep 17 00:00:00 2001
From: Georg Richter <georg@mariadb.com>
Date: Sun, 15 May 2016 15:41:45 +0200
Subject: [PATCH] Fix for CONC-180 In case handshake ended with Errorcode
 SEC_E_INTERNAL_ERROR we check LastErrorCode (if it was set) and return system
 errormessage. For timeout during SSL handshake we return the following error
 message:

ERROR 2026 (HY000): SSL connection error: A connection attempt failed
because the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond.
---
 libmariadb/secure/ma_schannel.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/libmariadb/secure/ma_schannel.c b/libmariadb/secure/ma_schannel.c
index 7953d0b5d..b32e0d8c7 100644
--- a/libmariadb/secure/ma_schannel.c
+++ b/libmariadb/secure/ma_schannel.c
@@ -26,6 +26,7 @@
 #define MAX_SSL_ERR_LEN 100
 
 #define SCHANNEL_PAYLOAD(A) (A).cbMaximumMessage - (A).cbHeader - (A).cbTrailer
+void ma_schannel_set_win_error(MARIADB_PVIO *pvio);
 
 /* {{{ void ma_schannel_set_sec_error */
 void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo)
@@ -70,6 +71,12 @@ void ma_schannel_set_sec_error(MARIADB_PVIO *pvio, DWORD ErrorNo)
     break;
   case SEC_E_OK:
     break;
+  case SEC_E_INTERNAL_ERROR:
+    if (GetLastError())
+      ma_schannel_set_win_error(pvio);
+    else
+      pvio->set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "The Local Security Authority cannot be contacted");
+    break;
   default:
     __debugbreak();
     pvio->set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "Unknown SSL error (0x%x)", ErrorNo);
@@ -511,7 +518,6 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
         OutBuffers.pvBuffer = NULL;
       }
     }
-
     /* check if we need to read more data */
     switch (rc) {
     case SEC_E_INCOMPLETE_MESSAGE:
@@ -548,7 +554,6 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
     default:
       if (FAILED(rc))
       {
-        ma_schannel_set_sec_error(pvio, rc);
         goto loopend;
       }
       break;
@@ -563,8 +568,11 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
     cbIoBuffer = 0;
   }
 loopend:
-  if (FAILED(rc)) 
+  if (FAILED(rc))
+  {
+    ma_schannel_set_sec_error(pvio, rc);
     DeleteSecurityContext(&sctx->ctxt);
+  }
   LocalFree(IoBuffer);
 
   return rc;