Jacek Caban : secur32: Take schannel backend capabilities into account when configuring enabled protocols .

Alexandre Julliard julliard at winehq.org
Thu Mar 28 15:30:23 CDT 2013 

Module: wine
Branch: master
Commit: fe474e3b6a05dddae2c69fbe35100895dd38ae9a
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=fe474e3b6a05dddae2c69fbe35100895dd38ae9a

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Thu Mar 28 12:05:59 2013 +0100

secur32: Take schannel backend capabilities into account when configuring enabled protocols.

---

 dlls/secur32/schannel.c        |    2 +-
 dlls/secur32/schannel_gnutls.c |    6 ++++++
 dlls/secur32/schannel_macosx.c |    5 +++++
 dlls/secur32/secur32_priv.h    |    1 +
 4 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 9a83a76..df75b67 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -237,7 +237,7 @@ static void read_config(void)
 
     RegCloseKey(protocols_key);
 
-    config_enabled_protocols = enabled;
+    config_enabled_protocols = enabled & schan_imp_enabled_protocols();
     config_default_disabled_protocols = default_disabled;
     config_read = TRUE;
 
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c
index 8975b2d..b460505 100644
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@@ -106,6 +106,12 @@ static ssize_t schan_push_adapter(gnutls_transport_ptr_t transport,
     return buff_len;
 }
 
+DWORD schan_imp_enabled_protocols(void)
+{
+    /* NOTE: No support for SSL 2.0 */
+    return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
+}
+
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
     gnutls_session_t *s = (gnutls_session_t*)session;
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 2acb6ca..c562a98 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
     return ret;
 }
 
+DWORD schan_imp_enabled_protocols(void)
+{
+    /* NOTE: No support for TLS 1.1 and TLS 1.2 */
+    return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+}
 
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index 5b2ac89..dc08429 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -260,6 +260,7 @@ extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
                                       SIZE_T *length) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
 extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
+extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
 extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;

More information about the wine-cvs mailing list