[CONC-417] Windows clients using Schannel often encounter error SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid Created: 2019-06-04  Updated: 2020-08-25  Resolved: 2019-12-03

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.0.8, 3.1.0, 3.1.5
Fix Version/s: 3.1.6

Type: Bug Priority: Critical
Reporter: Geoff Montee (Inactive) Assignee: Vladislav Vaintroub
Resolution: Fixed Votes: 1
Labels: None

Issue Links:
Relates
relates to CONC-418 Use FormatMessage to get error string... Closed
relates to CONC-432 Use GnuTLS for Windows builds instead... Closed
relates to CONC-391 Unknown SSL error - MariaDB Closed
relates to MDEV-13492 main.ssl_connect failed with 2026: U... Closed
relates to MDEV-13726 main.ssl_timeout, main.ssl_7937 fai... Closed

 Description   

Windows clients that use Schannel often encounter the following error:

SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

MariaDB Connector/C doesn't actually print the error message text, so users actually see this less understandable error message:

Unknown SSL error (0x80090308)

As part of this fix, maybe SEC_E_INVALID_TOKEN should be added to the switch statement with a more reasonable error message in ma_schannel_set_sec_error , so that users have a easier time understanding what this means.

https://github.com/MariaDB/mariadb-connector-c/blob/v3.1.0/libmariadb/secure/ma_schannel.c#L32

CONC-418 is also relevant to improving this error message.

In MDEV-13492, it was speculated that the cause may be that when the server is using yaSSL, the server may not be able to perform the DH handshake properly. I don't think this is the cause, because some users are seeing this issue while not using yaSSL in the server, and while also not using ciphers that use the DH algorithm.

In CONC-391, it was speculated that the cause may be that the client may need to be upgraded to a newer Windows version. I don't think this is the cause, because some users are seeing this issue while using an up-to-date Windows 10.

It seems that we still need to determine the root cause.

 Comments   
Comment by Geoff Montee (Inactive) [ 2019-11-15 ]

This issue is still present in 3.1.5.

Comment by Geoff Montee (Inactive) [ 2019-12-02 ]

wlad and georg,

Do you think this one should be closed along with MDEV-13492?

Comment by Vladislav Vaintroub [ 2019-12-02 ]

Yes, I guess this is a duplicate. However "often" can also mean "sporadic", so maybe this is a different one, worked around elsewhere

Comment by Geoff Montee (Inactive) [ 2019-12-02 ]

I would agree that this is probably a duplicate of MDEV-13492. I created this one to track the underlying problem in C/C (which also effects things like C/ODBC), since MDEV-13492 was very specific to a failing test in the server.

It looks like this will be fixed in 3.1.6. I don't see that version as an option for "Fix Version/s" in Jira yet, so someone will probably have to create that version before this can be closed.

Generated at Thu Feb 08 03:05:10 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.