[PATCH] schannel: Don't use SSLCopyPeerCertificates on Mac OS 10.4.

Charles Davis cdavis at mymail.mines.edu
Wed Oct 26 23:57:30 CDT 2011 

---
 configure.ac                   |    5 +++++
 dlls/secur32/schannel_macosx.c |   16 ++++++++++++++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index ad4f36f..c4e44af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -720,6 +720,11 @@ case $host_os in
     if test "$ac_cv_header_Security_Security_h" = "yes"
     then
         AC_SUBST(SECURITYLIB,"-framework Security -framework CoreFoundation")
+        dnl Check for the SSLCopyPeerCertificates function
+        ac_save_LIBS="$LIBS"
+        LIBS="$LIBS $SECURITYLIB"
+        AC_CHECK_FUNCS(SSLCopyPeerCertificates)
+        LIBS="$ac_save_LIBS"
         with_gnutls=${with_gnutls:-no}
     fi
     if test "$ac_cv_header_CoreAudio_CoreAudio_h" = "yes" -a "$ac_cv_header_AudioUnit_AudioUnit_h" = "yes"
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 1158b14..01493b1 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -670,6 +670,13 @@ SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session,
     return SEC_E_OK;
 }
 
+#ifndef HAVE_SSLCOPYPEERCERTIFICATES
+static void schan_imp_cf_release(const void *arg, void *ctx)
+{
+    CFRelease(arg);
+}
+#endif
+
 SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session,
                                                        PCCERT_CONTEXT *cert)
 {
@@ -680,7 +687,11 @@ SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session
 
     TRACE("(%p/%p, %p)\n", s, s->context, cert);
 
+#ifdef HAVE_SSLCOPYPEERCERTIFICATES
     status = SSLCopyPeerCertificates(s->context, &certs);
+#else
+    status = SSLGetPeerCertificates(s->context, &certs);
+#endif
     if (status == noErr && certs)
     {
         SecCertificateRef mac_cert;
@@ -702,6 +713,11 @@ SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session
         }
         else
             WARN("Couldn't extract certificate data\n");
+#ifndef HAVE_SSLCOPYPEERCERTIFICATES
+        /* This is why SSLGetPeerCertificates was deprecated */
+        CFArrayApplyFunction(certs, CFRangeMake(0, CFArrayGetCount(certs)),
+                             schan_imp_cf_release, NULL);
+#endif
         CFRelease(certs);
     }
     else
-- 
1.7.7.1

More information about the wine-patches mailing list