secur32: Take schannel backend capabilities into account when configuring enabled protocols.

Jacek Caban jacek at codeweavers.com
Wed Apr 10 04:24:40 CDT 2013


On 3/28/13 8:31 PM, Ken Thomases wrote:
> Mac OS X 10.8 introduced support for TLS 1.1 and 1.2.

Can someone with Mac OS X 10.8 test the attached patch for me, please?
All I need is to verify that it compiles and when running
dlls/secur32/tests/secur32_test.exe.so schannel, TLS 1.1 and TLS 1.2 are
listed as supported protocols.

Thanks,
Jacek
-------------- next part --------------
commit 78f9768f8d6759af1df99c4b67b8fd6a93369da4
Author: Jacek Caban <jacek at codeweavers.com>
Date:   Tue Apr 9 12:35:33 2013 +0200

    secur32: Added support for TLS 1.1 and TLS 1.2 on Mac.

diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 5ec06cf..27bb667 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -1007,7 +1007,25 @@ BOOL schan_imp_init(void)
     supported_protocols = SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
 
 #if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
-    /* FIXME: Test max allowed version for TLS 1.1 and TLS 1.2 */
+    if(SSLGetProtocolVersionMax) {
+        SSLProtocol max_protocol;
+        SSLContextRef ctx;
+        OSStatus status;
+
+        status = SSLNewContext(FALSE, &ctx);
+        if(status == noErr) {
+            status = SSLGetProtocolVersionMax(ctx, &max_protocol);
+            if(status == noErr) {
+                if(max_protocol >= kTLSProtocol11)
+                    supported_protocols |= SP_PROT_TLS1_1_CLIENT;
+                if(max_protocol >= kTLSProtocol12)
+                    supported_protocols |= SP_PROT_TLS1_2_CLIENT;
+            }
+            SSLDisposeContext(ctx);
+        }else {
+            WARN("SSLNewContext failed\n");
+        }
+    }
 #endif
 
     return TRUE;
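Review bot: the failure path of SSLGetProtocolVersionMax(ctx, &max_protocol) is silent. If it returns anything other than noErr, supported_protocols stays at SSL2/SSL3/TLS 1.0 with no trace output, while the SSLNewContext failure a few lines later does get a WARN. Please add a matching WARN to the inner branch and print the OSStatus in both messages, for example `WARN("SSLGetProtocolVersionMax failed: %d\n", (int)status);`, so a backend that quietly falls back to TLS 1.0 as its highest protocol can be diagnosed from the log. The same applies when the weak-linked SSLGetProtocolVersionMax symbol is NULL at run time: a TRACE there would show why TLS 1.1 and 1.2 were not advertised. Minor style point: `}else {` is missing a space after the brace.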

