Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-417

Windows clients using Schannel often encounter error SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 3.0.8, 3.1.0, 3.1.5
    • 3.1.6
    • None
    • None

    Description

      Windows clients that use Schannel often encounter the following error:

      SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

      MariaDB Connector/C doesn't actually print the error message text, so users actually see this less understandable error message:

      Unknown SSL error (0x80090308)

      As part of this fix, maybe SEC_E_INVALID_TOKEN should be added to the switch statement with a more reasonable error message in ma_schannel_set_sec_error , so that users have a easier time understanding what this means.

      https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.0/libmariadb/secure/ma_schannel.c#L32

      CONC-418 is also relevant to improving this error message.

      In MDEV-13492, it was speculated that the cause may be that when the server is using yaSSL, the server may not be able to perform the DH handshake properly. I don't think this is the cause, because some users are seeing this issue while not using yaSSL in the server, and while also not using ciphers that use the DH algorithm.

      In CONC-391, it was speculated that the cause may be that the client may need to be upgraded to a newer Windows version. I don't think this is the cause, because some users are seeing this issue while using an up-to-date Windows 10.

      It seems that we still need to determine the root cause.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. CONC-418 Use FormatMessage to get error string for unknown Schannel error codes

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-432 Use GnuTLS for Windows builds instead of Schannel

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONC-391 Unknown SSL error - MariaDB

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-13492 main.ssl_connect failed with 2026: Unknown SSL error (0x80090308)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-13726 main.ssl_timeout, main.ssl_7937 failed (sporadically) in buildbot, unknown SSL error (0x80090308)

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            GeoffMontee Geoff Montee (Inactive) added a comment -

            This issue is still present in 3.1.5.

            GeoffMontee Geoff Montee (Inactive) added a comment - This issue is still present in 3.1.5.
            GeoffMontee Geoff Montee (Inactive) added a comment -

            wlad and georg,

            Do you think this one should be closed along with MDEV-13492?

            GeoffMontee Geoff Montee (Inactive) added a comment - wlad and georg , Do you think this one should be closed along with MDEV-13492 ?
            wlad Vladislav Vaintroub added a comment - - edited

            Yes, I guess this is a duplicate. However "often" can also mean "sporadic", so maybe this is a different one, worked around elsewhere

            wlad Vladislav Vaintroub added a comment - - edited Yes, I guess this is a duplicate. However "often" can also mean "sporadic", so maybe this is a different one, worked around elsewhere
            GeoffMontee Geoff Montee (Inactive) added a comment -

            I would agree that this is probably a duplicate of MDEV-13492. I created this one to track the underlying problem in C/C (which also effects things like C/ODBC), since MDEV-13492 was very specific to a failing test in the server.

            It looks like this will be fixed in 3.1.6. I don't see that version as an option for "Fix Version/s" in Jira yet, so someone will probably have to create that version before this can be closed.

            GeoffMontee Geoff Montee (Inactive) added a comment - I would agree that this is probably a duplicate of MDEV-13492 . I created this one to track the underlying problem in C/C (which also effects things like C/ODBC), since MDEV-13492 was very specific to a failing test in the server. It looks like this will be fixed in 3.1.6. I don't see that version as an option for "Fix Version/s" in Jira yet, so someone will probably have to create that version before this can be closed.

            People

              wlad Vladislav Vaintroub
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.