https://bugs.winehq.org/show_bug.cgi?id=39264
--- Comment #4 from Sebastian Lackner sebastian@fds-team.de --- (In reply to 7element from comment #2)
Yes, I should have mentioned that. Sorry. In my opinion if we already read the data, there is no need to try decrypt another message, but you are the expert. The other way is to check on next call to read_ssl_chunk BEFORE the assert if we already have all the data. Or change the assert to be <= and after that make the check and break. I'll leave the best course of action to your expertise, but I hope you understand why this is a problem.
The code was not written by me, and in general has a very bad quality. Nevertheless my understanding is, that an implementation can rely on the fact, that the values returned by QueryContextAttributesW are correct. This means after reading a maximum of (conn->ssl_sizes.cbHeader+conn->ssl_sizes.cbMaximumMessage+conn->ssl_sizes.cbTrailer) bytes, the implementation should be able to tell if its a correct message (SEC_E_OK) or if an error occurred, but definitely shouldn't return SEC_E_INCOMPLETE_MESSAGE anymore. As far as I know ReactOS also never encountered this assertion with the old gnutls based implementation, right?
For such development related questions and discussions it might be better to ask them at wine-devel, since its very unlikely that a lot of developers will see it here on the bugtracker.