Re: ISC_RET_xxx and ASC_RET_xxx bits
From: Roy Chastain (roy_at_kmsys.com)
Date: Tue, 26 Jul 2005 06:38:26 -0400
No, you misunderstand.
Yes, I realize the ISC_REQ_CONFIDENTIALITY has to be requested by both sides. My point is that when both sides request
ISC_REQ_CONFIDENTIALITY and the SSL handshake completes with an OK (final calls), the ISC_RET_CONFIDENTIALITY bit is not set, yet
EncryptMessage and DecryptMessage work.
When I say "quit working", I mean that about 6-9 months ago, this code was written and tested on a 2000 server with SP4. At that
point, the ISC_RET_CONFIDENTIALITY bit was returned. Now, with 2000 server SP4 plus recent roll-up, that bit is not returned. I
also believe that the bit is not being returned on a 2003 SP1.
Does your example program actually request encryption and then dump the resulting bits?
On Tue, 26 Jul 2005 07:29:25 GMT, email@example.com (Rhett Gong [MSFT]) wrote:
>>Bottom line, is that ISC_RET_CONFIDENTIALITY is missing.
>You just request ISC_RET_CONFIDENTIALITY in the call, since whether ISC_RET_CONFIDENTIALITY is returned or not
>depends on the result from the negotiation, there is no guarantee that you will receive this flag, if client/server does not prefer.
>You said it stopped working while ISC returns OK; could you post what subsequent call fails and what error it reports? In
>addition, have you tested the SDK sample, and what result do you get?
>Rhett Gong [MSFT]
>Microsoft Online Partner Support
>Get Secure! - www.microsoft.com/security
>This posting is provided "AS IS" with no warranties and confers no rights.
KMSYS Worldwide, Inc.