Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-417

Windows clients using Schannel often encounter error SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.0.8, 3.1.5
    • Fix Version/s: 3.1.6
    • Labels:
      None

      Description

      Windows clients that use Schannel often encounter the following error:

      SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid
      

      MariaDB Connector/C doesn't actually print the error message text, so users actually see this less understandable error message:

      Unknown SSL error (0x80090308)
      

      As part of this fix, maybe SEC_E_INVALID_TOKEN should be added to the switch statement with a more reasonable error message in ma_schannel_set_sec_error , so that users have a easier time understanding what this means.

      https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.0/libmariadb/secure/ma_schannel.c#L32

      CONC-418 is also relevant to improving this error message.

      In MDEV-13492, it was speculated that the cause may be that when the server is using yaSSL, the server may not be able to perform the DH handshake properly. I don't think this is the cause, because some users are seeing this issue while not using yaSSL in the server, and while also not using ciphers that use the DH algorithm.

      In CONC-391, it was speculated that the cause may be that the client may need to be upgraded to a newer Windows version. I don't think this is the cause, because some users are seeing this issue while using an up-to-date Windows 10.

      It seems that we still need to determine the root cause.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wlad Vladislav Vaintroub
                Reporter:
                GeoffMontee Geoff Montee
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: