romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:51:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

schannel: increase renegotiation timeout to 60 seconds

Browse source 
Prior to this change the timeout was 7 seconds but that is too short for
enhanced-security users that have to fill out an interactive prompt on
Schannel renegotiation (PIN, smart card, etc).

Reported-by: Tim Omta

Fixes https://github.com/curl/curl/issues/21270
Closes https://github.com/curl/curl/pull/21291
This commit is contained in:
Jay Satiro 2026-04-10 14:02:55 -04:00
parent 3b68c67be2
commit 70bb0db767
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/vtls/schannel.c
View file

@ -1757,7 +1757,13 @@ enum schannel_renegotiate_caller_t {
SCH_RENEG_CALLER_IS_SEND SCH_RENEG_CALLER_IS_SEND
}; };
#define MAX_RENEG_BLOCK_TIME (7 * 1000) /* 7 seconds in milliseconds */ /* The maximum time we allow for Schannel renegotiation which may in some
rare cases block either due to libcurl (waiting on the socket) or Windows
(waiting on an interactive security prompt). Note Schannel "renegotiation"
is not necessarily literal TLS renegotiation, but means DecryptMessage
returned SEC_I_RENEGOTIATE which means at least the security context needs
to be re-established. */
#define MAX_RENEG_BLOCK_TIME (60 * 1000) /* 60 seconds in milliseconds */
/* This function renegotiates the connection due to a server request received /* This function renegotiates the connection due to a server request received
by schannel_recv. This function returns CURLE_AGAIN if the renegotiation is by schannel_recv. This function returns CURLE_AGAIN if the renegotiation is