Jacek Caban : secur32: Take schannel backend capabilities into account when configuring enabled protocols .
Alexandre Julliard
julliard at winehq.org
Thu Mar 28 15:30:23 CDT 2013
Module: wine
Branch: master
Commit: fe474e3b6a05dddae2c69fbe35100895dd38ae9a
URL: http://source.winehq.org/git/wine.git/?a=commit;h=fe474e3b6a05dddae2c69fbe35100895dd38ae9a
Author: Jacek Caban <jacek at codeweavers.com>
Date: Thu Mar 28 12:05:59 2013 +0100
secur32: Take schannel backend capabilities into account when configuring enabled protocols.
---
dlls/secur32/schannel.c | 2 +-
dlls/secur32/schannel_gnutls.c | 6 ++++++
dlls/secur32/schannel_macosx.c | 5 +++++
dlls/secur32/secur32_priv.h | 1 +
4 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 9a83a76..df75b67 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -237,7 +237,7 @@ static void read_config(void)
RegCloseKey(protocols_key);
- config_enabled_protocols = enabled;
+ config_enabled_protocols = enabled & schan_imp_enabled_protocols();
config_default_disabled_protocols = default_disabled;
config_read = TRUE;
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c
index 8975b2d..b460505 100644
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@@ -106,6 +106,12 @@ static ssize_t schan_push_adapter(gnutls_transport_ptr_t transport,
return buff_len;
}
+DWORD schan_imp_enabled_protocols(void)
+{
+ /* NOTE: No support for SSL 2.0 */
+ return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
+}
+
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
{
gnutls_session_t *s = (gnutls_session_t*)session;
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 2acb6ca..c562a98 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
return ret;
}
+DWORD schan_imp_enabled_protocols(void)
+{
+ /* NOTE: No support for TLS 1.1 and TLS 1.2 */
+ return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+}
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
{
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index 5b2ac89..dc08429 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -260,6 +260,7 @@ extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
SIZE_T *length) DECLSPEC_HIDDEN;
extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
+extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;
More information about the wine-cvs
mailing list