Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WinHttp TLS is completely disabled if m_verifySSL is false #3008

Open
renjipanicker opened this issue Jun 18, 2024 · 1 comment
Open

WinHttp TLS is completely disabled if m_verifySSL is false #3008

renjipanicker opened this issue Jun 18, 2024 · 1 comment
Assignees
@SergeyRyabinin
Labels
bug This issue is a bug. p2 This is a standard priority issue

Comments

@renjipanicker
Copy link

Describe the bug

In the file;:
aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp

Line 541 (in function OpenRequest):
DWORD requestFlags = request->GetUri().GetScheme() == Scheme::HTTPS && m_verifySSL ? WINHTTP_FLAG_SECURE : 0;

This code passes 0 instead of WINHTTP_FLAG_SECURE if m_verifySSL is false. Therefore the connection is not TLS enabled.

This is incorrect behaviour.

Expected Behavior

If the scheme is HTTPS and m_verifySSL is false, it should initiate a TLS connection, and ignore certificate errors.

Current Behavior

If the scheme is HTTPS and m_verifySSL is false, it initiates a non-TLS connection.

Reproduction Steps

Create an outgoing HTTPS request to S3, and set m_verifySSL to false.
Use Wireshark or equivalent to observe that the connection is not TLS enabled.

Possible Solution

Remove the && m_verifySSL from the condition.

Additional Information/Context

No response

AWS CPP SDK version used

1.11.285

Compiler and Version used

Visual Studio 2019

Operating System and version

Windows Server 2019
@renjipanicker renjipanicker added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 18, 2024
@jmklix
Copy link
Member

jmklix commented Jun 19, 2024

Thanks for finding this bug and pointing it out to us. We are working on a fix.

@jmklix jmklix added p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Jun 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SergeyRyabinin SergeyRyabinin

Labels
bug This issue is a bug. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@renjipanicker @jmklix @SergeyRyabinin