secur32: Take schannel backend capabilities into account when configuring enabled protocols.
Jacek Caban
jacek at codeweavers.com
Wed Apr 10 04:24:40 CDT 2013
On 3/28/13 8:31 PM, Ken Thomases wrote:
> Mac OS X 10.8 introduced support for TLS 1.1 and 1.2.
Can someone with Mac OS X 10.8 test the attached patch for me, please.
All I need is to verify that it compiles and when running
dlls/secur32/tests/secur32_test.exe.so schannel, TLS 1.1 and TLS 1.2 are
listed as supported protocol.
Thanks,
Jacek
-------------- next part --------------
commit 78f9768f8d6759af1df99c4b67b8fd6a93369da4
Author: Jacek Caban <jacek at codeweavers.com>
Date: Tue Apr 9 12:35:33 2013 +0200
secur32: Added support for TLS 1.1 and TLS 1.2 on Mac.
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 5ec06cf..27bb667 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -1007,7 +1007,25 @@ BOOL schan_imp_init(void)
supported_protocols = SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
- /* FIXME: Test max allowed version for TLS 1.1 and TLS 1.2 */
+ if(SSLGetProtocolVersionMax) {
+ SSLProtocol max_protocol;
+ SSLContextRef ctx;
+ OSStatus status;
+
+ status = SSLNewContext(FALSE, &ctx);
+ if(status == noErr) {
+ status = SSLGetProtocolVersionMax(ctx, &max_protocol);
+ if(status == noErr) {
+ if(max_protocol >= kTLSProtocol11)
+ supported_protocols |= SP_PROT_TLS1_1_CLIENT;
+ if(max_protocol >= kTLSProtocol12)
+ supported_protocols |= SP_PROT_TLS1_2_CLIENT;
+ }
+ SSLDisposeContext(ctx);
+ }else {
+ WARN("SSLNewContext failed\n");
+ }
+ }
#endif
return TRUE;
More information about the wine-devel
mailing list