Lines Matching full:schannel
28 * Source file for all Schannel-specific code for the TLS/SSL layer. No code
37 # error "cannot compile SCHANNEL support without SSPI."
40 #include "schannel.h"
66 * Schannel recv decryption.
139 /* Both schannel buffer sizes must be > 0 */
227 failf(data, "schannel: TLS 1.3 not supported on Windows prior to 11"); in schannel_set_ssl_version_min_max()
470 /* setup Schannel API options */ in schannel_acquire_credential_handle()
491 DEBUGF(infof(data, "schannel: disabled server certificate revocation " in schannel_acquire_credential_handle()
498 DEBUGF(infof(data, "schannel: ignore revocation offline errors")); in schannel_acquire_credential_handle()
504 "schannel: checking server certificate revocation")); in schannel_acquire_credential_handle()
512 "schannel: disabled server cert revocation checks")); in schannel_acquire_credential_handle()
517 DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from " in schannel_acquire_credential_handle()
525 infof(data, "schannel: disabled automatic use of client certificate"); in schannel_acquire_credential_handle()
528 infof(data, "schannel: enabled automatic use of client certificate"); in schannel_acquire_credential_handle()
583 failf(data, "schannel: Failed to get certificate location" in schannel_acquire_credential_handle()
593 failf(data, "schannel: certificate format compatibility error " in schannel_acquire_credential_handle()
630 failf(data, "schannel: Failed to read cert file %s", in schannel_acquire_credential_handle()
671 failf(data, "schannel: Failed to import cert file %s, " in schannel_acquire_credential_handle()
675 failf(data, "schannel: Failed to import cert file %s, " in schannel_acquire_credential_handle()
686 failf(data, "schannel: Failed to get certificate from file %s" in schannel_acquire_credential_handle()
702 failf(data, "schannel: Failed to open cert store %lx %s, " in schannel_acquire_credential_handle()
744 failf(data, "schannel: client cert support not built in"); in schannel_acquire_credential_handle()
753 failf(data, "schannel: unable to allocate memory"); in schannel_acquire_credential_handle()
813 Schannel will not negotiate TLS 1.3 when SCHANNEL_CRED is used. */ in schannel_acquire_credential_handle()
823 infof(data, "schannel: WARNING: This version of Schannel " in schannel_acquire_credential_handle()
829 failf(data, "schannel: Failed setting algorithm cipher list"); in schannel_acquire_credential_handle()
859 failf(data, "schannel: AcquireCredentialsHandle failed: %s", in schannel_acquire_credential_handle()
900 "schannel: SSL/TLS connection with %s port %d (step 1/3)", in schannel_connect_step1()
905 /* Schannel in Windows XP (OS version 5.1) uses legacy handshakes and in schannel_connect_step1()
907 infof(data, "schannel: Windows version is old and may not be able to " in schannel_connect_step1()
939 failf(data, "schannel: this version of Windows is too old to support " in schannel_connect_step1()
948 failf(data, "schannel: CA cert support not built in"); in schannel_connect_step1()
962 DEBUGF(infof(data, "schannel: reusing existing credential handle")); in schannel_connect_step1()
967 "schannel: incremented credential handle refcount = %d", in schannel_connect_step1()
991 infof(data, "schannel: using IP address, SNI is not supported by OS."); in schannel_connect_step1()
1064 failf(data, "schannel: unable to allocate memory"); in schannel_connect_step1()
1068 /* Schannel InitializeSecurityContext: in schannel_connect_step1()
1087 failf(data, "schannel: initial InitializeSecurityContext failed: %s", in schannel_connect_step1()
1091 failf(data, "schannel: SNI or certificate check failed: %s", in schannel_connect_step1()
1106 failf(data, "schannel: initial InitializeSecurityContext failed: %s", in schannel_connect_step1()
1112 DEBUGF(infof(data, "schannel: sending initial handshake data: " in schannel_connect_step1()
1121 failf(data, "schannel: failed to send initial handshake data: " in schannel_connect_step1()
1126 DEBUGF(infof(data, "schannel: sent initial handshake data: " in schannel_connect_step1()
1166 "schannel: SSL/TLS connection with %s port %d (step 2/3)", in schannel_connect_step2()
1178 failf(data, "schannel: unable to allocate memory"); in schannel_connect_step2()
1190 failf(data, "schannel: unable to allocate memory"); in schannel_connect_step2()
1205 failf(data, "schannel: unable to re-allocate memory"); in schannel_connect_step2()
1225 DEBUGF(infof(data, "schannel: failed to receive handshake, " in schannel_connect_step2()
1230 failf(data, "schannel: failed to receive handshake, " in schannel_connect_step2()
1238 SCH_DEV(infof(data, "schannel: encrypted data got %zd", nread)); in schannel_connect_step2()
1242 "schannel: encrypted data buffer: offset %zu length %zu", in schannel_connect_step2()
1258 failf(data, "schannel: unable to allocate memory"); in schannel_connect_step2()
1280 "schannel: received incomplete message, need more data")); in schannel_connect_step2()
1292 "schannel: a client certificate has been requested")); in schannel_connect_step2()
1301 DEBUGF(infof(data, "schannel: sending next handshake data: " in schannel_connect_step2()
1310 failf(data, "schannel: failed to send next handshake data: " in schannel_connect_step2()
1326 failf(data, "schannel: next InitializeSecurityContext failed: %s", in schannel_connect_step2()
1330 failf(data, "schannel: SNI or certificate check failed: %s", in schannel_connect_step2()
1334 failf(data, "schannel: %s", in schannel_connect_step2()
1349 failf(data, "schannel: next InitializeSecurityContext failed: %s", in schannel_connect_step2()
1357 SCH_DEV(infof(data, "schannel: encrypted data length: %lu", in schannel_connect_step2()
1397 DEBUGF(infof(data, "schannel: SSL/TLS handshake complete")); in schannel_connect_step2()
1423 because in that case Schannel will not verify it. */ in schannel_connect_step2()
1544 "schannel: SSL/TLS connection with %s port %d (step 3/3)", in schannel_connect_step3()
1553 failf(data, "schannel: failed to setup sequence detection"); in schannel_connect_step3()
1555 failf(data, "schannel: failed to setup replay detection"); in schannel_connect_step3()
1557 failf(data, "schannel: failed to setup confidentiality"); in schannel_connect_step3()
1559 failf(data, "schannel: failed to setup memory allocation"); in schannel_connect_step3()
1561 failf(data, "schannel: failed to setup stream orientation"); in schannel_connect_step3()
1573 failf(data, "schannel: failed to retrieve ALPN result"); in schannel_connect_step3()
1588 failf(data, "schannel: server selected an ALPN protocol too late"); in schannel_connect_step3()
1620 failf(data, "schannel: failed to retrieve remote cert context"); in schannel_connect_step3()
1740 /* When SSPI is used in combination with Schannel in schannel_connect_common()
1741 * we need the Schannel context to create the Schannel in schannel_connect_common()
1855 failf(data, "schannel: timed out sending data " in schannel_send()
1872 failf(data, "schannel: timed out sending data " in schannel_send()
1940 * Schannel recv decryption. in schannel_recv()
1948 SCH_DEV(infof(data, "schannel: client wants to read %zu bytes", len)); in schannel_recv()
1953 "schannel: enough decrypted data is already available")); in schannel_recv()
1958 infof(data, "schannel: an unrecoverable error occurred in a prior call"); in schannel_recv()
1963 infof(data, "schannel: server indicated shutdown in a prior call"); in schannel_recv()
1984 failf(data, "schannel: unable to re-allocate memory"); in schannel_recv()
1991 SCH_DEV(infof(data, "schannel: encdata_buffer resized %zu", in schannel_recv()
1996 "schannel: encrypted data buffer: offset %zu length %zu", in schannel_recv()
2007 SCH_DEV(infof(data, "schannel: recv returned CURLE_AGAIN")); in schannel_recv()
2009 infof(data, "schannel: recv returned CURLE_RECV_ERROR"); in schannel_recv()
2011 infof(data, "schannel: recv returned error %d", *err); in schannel_recv()
2015 DEBUGF(infof(data, "schannel: server closed the connection")); in schannel_recv()
2020 SCH_DEV(infof(data, "schannel: encrypted data got %zd", nread)); in schannel_recv()
2024 SCH_DEV(infof(data, "schannel: encrypted data buffer: offset %zu length %zu", in schannel_recv()
2053 SCH_DEV(infof(data, "schannel: decrypted data length: %lu", in schannel_recv()
2071 failf(data, "schannel: unable to re-allocate memory"); in schannel_recv()
2086 SCH_DEV(infof(data, "schannel: decrypted data added: %zu", size)); in schannel_recv()
2088 "schannel: decrypted cached: offset %zu length %zu", in schannel_recv()
2094 SCH_DEV(infof(data, "schannel: encrypted data length: %lu", in schannel_recv()
2110 "schannel: encrypted cached: offset %zu length %zu", in schannel_recv()
2120 infof(data, "schannel: remote party requests renegotiation"); in schannel_recv()
2122 infof(data, "schannel: cannot renegotiate, an error is pending"); in schannel_recv()
2127 infof(data, "schannel: renegotiating SSL/TLS connection"); in schannel_recv()
2135 infof(data, "schannel: renegotiation failed"); in schannel_recv()
2140 infof(data, "schannel: SSL/TLS connection renegotiated"); in schannel_recv()
2156 "schannel: server close notification received (close_notify)"); in schannel_recv()
2164 SCH_DEV(infof(data, "schannel: failed to decrypt data, need more data")); in schannel_recv()
2170 failf(data, "schannel: failed to read data from server: %s", in schannel_recv()
2178 SCH_DEV(infof(data, "schannel: encrypted data buffer: offset %zu length %zu", in schannel_recv()
2181 SCH_DEV(infof(data, "schannel: decrypted data buffer: offset %zu length %zu", in schannel_recv()
2186 SCH_DEV(infof(data, "schannel: schannel_recv cleanup")); in schannel_recv()
2208 failf(data, "schannel: server closed abruptly (missing close_notify)"); in schannel_recv()
2222 SCH_DEV(infof(data, "schannel: decrypted data returned %zu", size)); in schannel_recv()
2224 "schannel: decrypted data buffer: offset %zu length %zu", in schannel_recv()
2293 * Shutting Down an Schannel Connection in schannel_shutdown()
2308 /* Not supported in schannel */ in schannel_shutdown()
2313 infof(data, "schannel: shutting down SSL/TLS connection with %s port %d", in schannel_shutdown()
2338 failf(data, "schannel: ApplyControlToken failure: %s", in schannel_shutdown()
2371 failf(data, "schannel: failed to send close msg: %s" in schannel_shutdown()
2386 failf(data, "schannel: error sending close msg: %d", result); in schannel_shutdown()
2437 /* free SSPI Schannel API security context handle */ in schannel_close()
2439 DEBUGF(infof(data, "schannel: clear security context handle")); in schannel_close()
2444 /* free SSPI Schannel API credential handle */ in schannel_close()
2480 return msnprintf(buffer, size, "Schannel"); in schannel_version()
2523 failf(data, "schannel: Failed to read remote certificate context: %s", in schannel_pkp_pin_peer_pubkey()
2781 { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */