intermittent CURLE_SSL_CONNECT_ERROR (35) triggered by SEC_E_BUFFER_TOO_SMALL and SEC_E_MESSAGE_ALTERED in schannel for https on Windows 8.1 and below #5488
Description
curl-7.70, compiled with nmake mode=dll
Windows: 7 and 8.1, but not 10
I have observed on multiple Windows machines that https requests performed using curl_easy_perform will fail on occasion (on the order of 1/100 tries). The underlying error is a return value of SEC_E_BUFFER_TOO_SMALL (0x80090321) or SEC_E_MESSAGE_ALTERED (0x8009030) from InitializeSecurityContext.
I have been able to reproduce the intermittent failures on Windows 7 and Windows 8.1 machines. I have not been able to reproduce the issue on Windows 10. The problem reproduced when connecting to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS servers.
I think the bug is in Microsoft code. But perhaps a note should be added to users of libcurl that schannel is unreliable on older Windows.
/* runme 999 https://hi.eewe.us/hi */
#include <curl/curl.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
if (argc < 1) return 1;
if (argc < 2) { printf("%s <url>\n", argv[0]); return 1; }
int count = 1;
const char *url = NULL;
for (int i = 1; i < argc; ++i) {
int x = strtoul(argv[i], 0, 0);
if (x)
count = x;
else
url = argv[i];
}
if (!url) return 1;
for (int i = 0; i < count; ++i) {
CURL *curl = curl_easy_init();
if (!curl) return 1;
char errbuf[CURL_ERROR_SIZE];
errbuf[0] = '\0';
if (curl_easy_setopt(curl, CURLOPT_URL, url)) return 1;
if (curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf)) return 1;
printf("get %s\n", url);
CURLcode res = curl_easy_perform(curl);
if (CURLE_OK != res) {
printf("failed after %d attempts\nlibcurl: (%d) %s\n",
i, res, errbuf);
return 2;
}
curl_easy_cleanup(curl);
}
return 0;
}