Jacek Caban : secur32: Pass enabled protocols to Mac Secure Transport.
Alexandre Julliard
julliard at winehq.org
Mon Apr 1 13:48:40 CDT 2013
Module: wine
Branch: master
Commit: 8036bd14f9115fe793a96b756d5f29ac1a7c5479
URL: http://source.winehq.org/git/wine.git/?a=commit;h=8036bd14f9115fe793a96b756d5f29ac1a7c5479
Author: Jacek Caban <jacek at codeweavers.com>
Date: Sat Mar 30 16:25:44 2013 +0100
secur32: Pass enabled protocols to Mac Secure Transport.
---
dlls/secur32/schannel_macosx.c | 40 +++++++++++++++++++++++++++++++++-------
1 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index c562a98..5ec06cf 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -630,15 +630,28 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
return ret;
}
+static const struct {
+ DWORD enable_flag;
+ SSLProtocol mac_version;
+} protocol_priority_flags[] = {
+ {SP_PROT_TLS1_2_CLIENT, kTLSProtocol12},
+ {SP_PROT_TLS1_1_CLIENT, kTLSProtocol11},
+ {SP_PROT_TLS1_0_CLIENT, kTLSProtocol1},
+ {SP_PROT_SSL3_CLIENT, kSSLProtocol3},
+ {SP_PROT_SSL2_CLIENT, kSSLProtocol2}
+};
+
+static DWORD supported_protocols;
+
DWORD schan_imp_enabled_protocols(void)
{
- /* NOTE: No support for TLS 1.1 and TLS 1.2 */
- return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+ return supported_protocols;
}
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
{
struct mac_session *s;
+ unsigned i;
OSStatus status;
TRACE("(%p)\n", session);
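Review bot: The `kTLSProtocol11` and `kTLSProtocol12` rows of `protocol_priority_flags` are compiled unconditionally, while schan_imp_init in the last hunk guards its TLS 1.1/1.2 placeholder with `#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080`. If those enumerators are only declared by the 10.8 SDK, as that guard suggests, the file would no longer build against older SDKs. Wrapping the two rows in the same `#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080` / `#endif` pair would avoid that. The table name says "priority" although the loop that consumes it only toggles each version, so a comment such as `/* Windows SP_PROT_* flag -> Secure Transport version, newest first */` above the table would help. schan_imp_create_session continues outside this hunk.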
@@ -668,11 +681,17 @@ BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cre
goto fail;
}
- status = SSLSetProtocolVersionEnabled(s->context, kSSLProtocol2, FALSE);
- if (status != noErr)
- {
- ERR("Failed to disable SSL version 2: %ld\n", (long)status);
- goto fail;
+ for(i=0; i < sizeof(protocol_priority_flags)/sizeof(*protocol_priority_flags); i++) {
+ if(!(protocol_priority_flags[i].enable_flag & supported_protocols))
+ continue;
+
+ status = SSLSetProtocolVersionEnabled(s->context, protocol_priority_flags[i].mac_version,
+ (cred->enabled_protocols & protocol_priority_flags[i].enable_flag) != 0);
+ if (status != noErr)
+ {
+ ERR("Failed to set SSL version %d: %ld\n", protocol_priority_flags[i].mac_version, (long)status);
+ goto fail;
+ }
}
status = SSLSetIOFuncs(s->context, schan_pull_adapter, schan_push_adapter);
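Review bot: SSL 2.0 is no longer forced off in this loop: `kSSLProtocol2` is enabled whenever `cred->enabled_protocols` carries `SP_PROT_SSL2_CLIENT`, where the removed code disabled it unconditionally. How `cred->enabled_protocols` is filled in is not visible here, so it is worth confirming that the default credential mask excludes SSL 2.0. A comment above the loop, such as `/* SSL2 is turned on only when the credentials ask for it explicitly */`, would record that. Versions skipped by the `continue` are left in whatever state Secure Transport defaults to, so a credential mask that omits them is presumably not enforced for those versions. The function starts and ends outside this hunk.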
@@ -984,6 +1003,13 @@ void schan_imp_free_certificate_credentials(schan_credentials *c)
BOOL schan_imp_init(void)
{
TRACE("()\n");
+
+ supported_protocols = SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+
+#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
+ /* FIXME: Test max allowed version for TLS 1.1 and TLS 1.2 */
+#endif
+
return TRUE;
}
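Review bot: The `#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080` block in schan_imp_init holds only a FIXME, so `supported_protocols` never gains the TLS 1.1/1.2 flags and the matching table rows are skipped by the loop in schan_imp_create_session. The macro reflects the SDK used at build time, not the system the binary runs on, so a compile-time test alone would not establish that Secure Transport accepts those versions. The comment should say so, for example `/* FIXME: TLS 1.1/1.2 are not advertised yet; availability has to be probed at run time, the SDK check is not enough */`.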