Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
3.0.8, 3.1.0, 3.1.5
-
None
-
None
Description
Windows clients that use Schannel often encounter the following error:
SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid
|
MariaDB Connector/C doesn't actually print the error message text, so users actually see this less understandable error message:
Unknown SSL error (0x80090308)
|
As part of this fix, maybe SEC_E_INVALID_TOKEN should be added to the switch statement with a more reasonable error message in ma_schannel_set_sec_error , so that users have a easier time understanding what this means.
https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.0/libmariadb/secure/ma_schannel.c#L32
CONC-418 is also relevant to improving this error message.
In MDEV-13492, it was speculated that the cause may be that when the server is using yaSSL, the server may not be able to perform the DH handshake properly. I don't think this is the cause, because some users are seeing this issue while not using yaSSL in the server, and while also not using ciphers that use the DH algorithm.
In CONC-391, it was speculated that the cause may be that the client may need to be upgraded to a newer Windows version. I don't think this is the cause, because some users are seeing this issue while using an up-to-date Windows 10.
It seems that we still need to determine the root cause.
Attachments
Issue Links
- relates to
-
CONC-418 Use FormatMessage to get error string for unknown Schannel error codes
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-