schannel_verify: Fix concurrent openings of CA file

- Open the CA file using FILE_SHARE_READ mode so that others can read from it as well. Prior to this change our schannel code opened the CA file without sharing which meant concurrent openings (eg an attempt from another thread or process) would fail during the time it was open without sharing, which in curl's case would cause error: "schannel: failed to open CA file". Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html Reported-by: Richard Alcock
2024-11-16 06:25:03 -05:00 · 2019-11-01 18:02:59 -04:00 · 2019-11-01 18:02:59 -04:00 · 9c49824902
commit 9c49824902
parent c2b01cce5c
1 changed files with 1 additions and 1 deletions
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@ -111,7 +111,7 @@ static CURLcode add_certs_to_store(HCERTSTORE trust_store,
   */
  ca_file_handle = CreateFile(ca_file_tstr,
                              GENERIC_READ,
-                              0,
+                              FILE_SHARE_READ,
                              NULL,
                              OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL,