3 files changed, 30 insertions, 30 deletions

diff --git a/cpp/src/IceSSL/SChannelTransceiverI.cpp b/cpp/src/IceSSL/SChannelTransceiverI.cpp
index 1287047168a..943df427c57 100644
--- a/cpp/src/IceSSL/SChannelTransceiverI.cpp
+++ b/cpp/src/IceSSL/SChannelTransceiverI.cpp
@@ -201,6 +201,12 @@ getSecBufferWithType(const SecBufferDesc& desc, ULONG bufferType)
     return 0;
 }
 
+string
+secStatusToString(SECURITY_STATUS status)
+{
+    return IceUtilInternal::errorToString(status);
+}
+
 }
 
 IceInternal::NativeInfoPtr
@@ -245,8 +251,7 @@ SChannel::TransceiverI::sslHandshake()
                                             &_ssl, &outBufferDesc, &ctxFlags, 0);
             if(err != SEC_E_OK && err != SEC_I_CONTINUE_NEEDED)
             {
-                throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" +
-                                        IceUtilInternal::lastErrorToString());
+                throw SecurityException(__FILE__, __LINE__, "IceSSL: handshake failure:\n" + secStatusToString(err));
             }
             _sslInitialized = true;
 
@@ -316,8 +321,7 @@ SChannel::TransceiverI::sslHandshake()
             }
             else if(err != SEC_I_CONTINUE_NEEDED && err != SEC_E_OK)
             {
-                throw SecurityException(__FILE__, __LINE__, "SSL handshake failure:\n" +
-                                        IceUtilInternal::lastErrorToString());
+                throw SecurityException(__FILE__, __LINE__, "SSL handshake failure:\n" + secStatusToString(err));
             }
 
             //
@@ -453,7 +457,7 @@ SChannel::TransceiverI::sslHandshake()
     if(err != SEC_E_OK)
     {
         throw SecurityException(__FILE__, __LINE__, "IceSSL: failure to query stream sizes attributes:\n" +
-                                IceUtilInternal::lastErrorToString());
+                                secStatusToString(err));
     }
 
     size_t pos = _readBuffer.i - _readBuffer.b.begin();
@@ -536,7 +540,7 @@ SChannel::TransceiverI::decryptMessage(IceInternal::Buffer& buffer)
         else if(err != SEC_E_OK)
         {
             throw ProtocolException(__FILE__, __LINE__, "IceSSL: protocol error during read:\n" +
-                                    IceUtilInternal::lastErrorToString());
+                                    secStatusToString(err));
         }
 
         SecBuffer* dataBuffer = getSecBufferWithType(inBufferDesc, SECBUFFER_DATA);
@@ -609,7 +613,7 @@ SChannel::TransceiverI::encryptMessage(IceInternal::Buffer& buffer)
     if(err != SEC_E_OK)
     {
         throw ProtocolException(__FILE__, __LINE__, "IceSSL: protocol error encrypting message:\n" +
-                                IceUtilInternal::lastErrorToString());
+                                secStatusToString(err));
     }
 
     // EncryptMessage resizes the buffers, so resize the write buffer as well to reflect this.
@@ -646,7 +650,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
     if(err && err != SEC_E_NO_CREDENTIALS)
     {
         throw SecurityException(__FILE__, __LINE__, "IceSSL: certificate verification failure:\n" +
-                                IceUtilInternal::lastErrorToString());
+                                secStatusToString(err));
     }
 
     if(!cert && ((!_incoming && _engine->getVerifyPeer() > 0) || (_incoming && _engine->getVerifyPeer() == 2)))
@@ -655,8 +659,7 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
         // Clients require server certificate if VerifyPeer > 0 and servers require client
         // certificate if VerifyPeer == 2
         //
-        throw SecurityException(__FILE__, __LINE__, "IceSSL: certificate required:\n" +
-                                IceUtilInternal::lastErrorToString());
+        throw SecurityException(__FILE__, __LINE__, "IceSSL: certificate required");
     }
     else if(cert) // Verify the remote certificate
     {
@@ -736,14 +739,14 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
     }
 
     SecPkgContext_ConnectionInfo connInfo;
-    if(QueryContextAttributes(&_ssl, SECPKG_ATTR_CONNECTION_INFO, &connInfo) == SEC_E_OK)
+    err = QueryContextAttributes(&_ssl, SECPKG_ATTR_CONNECTION_INFO, &connInfo);
+    if(err == SEC_E_OK)
     {
         _cipher = _engine->getCipherName(connInfo.aiCipher);
     }
     else
     {
-        throw SecurityException(__FILE__, __LINE__, "IceSSL: error reading cipher info:\n" +
-                                IceUtilInternal::lastErrorToString());
+        throw SecurityException(__FILE__, __LINE__, "IceSSL: error reading cipher info:\n" + secStatusToString(err));
     }
 
     _engine->verifyPeer(_host, ICE_DYNAMIC_CAST(ConnectionInfo, getInfo()), toString());
diff --git a/cpp/test/Glacier2/router/Client.cpp b/cpp/test/Glacier2/router/Client.cpp
index 14ee079e71e..e759edf9135 100644
--- a/cpp/test/Glacier2/router/Client.cpp
+++ b/cpp/test/Glacier2/router/Client.cpp
@@ -874,8 +874,9 @@ CallbackClient::run(int argc, char* argv[])
         {
             router->destroySession();
         }
-        catch(const Ice::LocalException&)
+        catch(const Ice::LocalException& ex)
         {
+            cerr << ex << endl;
             test(false);
         }
         cout << "ok" << endl;
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 15836e3ed7b..94b1ae2e2cb 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -33,6 +33,10 @@ using namespace Windows::Security::Cryptography;
 using namespace Windows::Security::Cryptography::Certificates;
 #endif
 
+#ifdef _WIN32
+#   include <VersionHelpers.h>
+#endif
+
 #ifdef ICE_CPP11_MAPPING
 #   define ICE_TARGET_EQUAL_TO(A,B) Ice::targetEqualTo(A, B)
 #else
@@ -2867,16 +2871,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
     //
     // No DSA support in Secure Transport / AIX 7.1
     //
-#  if !defined(ICE_USE_SECURE_TRANSPORT) && !defined(_AIX)
+#  if !defined(ICE_USE_SECURE_TRANSPORT) && !defined(_AIX) && !defined(ICE_USE_SCHANNEL)
     {
+        //
+        // DSA PEM keys are not supported with SChannel. Since Windows 10
+        // Creator Update DHE_DSS is also disabled by default so DSA keys
+        // can no longer be used.
+        //
 
-    //
-    // DSA PEM certificates are not supported with SChannel.
-    //
-#    ifdef ICE_USE_SCHANNEL
-    if(p12)
-    {
-#    endif
         //
         // Configure a server with RSA and DSA certificates.
         //
@@ -2935,11 +2937,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
         }
         fact->destroyServer(server);
         comm->destroy();
-#    ifdef ICE_USE_SCHANNEL
-    }
-#    endif
 
-#    ifndef ICE_USE_SCHANNEL
         //
         // Next try a client with ADH. This should fail.
         //
@@ -2969,9 +2967,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
         }
         fact->destroyServer(server);
         comm->destroy();
-#    endif
     }
-#    ifndef ICE_USE_SCHANNEL
+
     {
         //
         // Configure a server with RSA and a client with DSA. This should fail.
@@ -3008,8 +3005,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12)
         fact->destroyServer(server);
         comm->destroy();
     }
-#    endif
-#  endif
+#   endif
     cout << "ok" << endl;
 #endif