From 2b77b0bb6b220979278bc4153d0fa854f8eeb5e7 Mon Sep 17 00:00:00 2001 From: Hans Leidekker Date: Tue, 12 Sep 2017 09:59:06 +0200 Subject: [PATCH] winhttp: Implement WINHTTP_OPTION_SECURE_PROTOCOLS. Signed-off-by: Hans Leidekker Signed-off-by: Alexandre Julliard --- dlls/winhttp/request.c | 19 ++++++++++++++++++- dlls/winhttp/session.c | 11 +++++++++++ dlls/winhttp/tests/winhttp.c | 7 ++++++- dlls/winhttp/winhttp_private.h | 1 + include/winhttp.h | 12 ++++++++---- 5 files changed, 44 insertions(+), 6 deletions(-) diff --git a/dlls/winhttp/request.c b/dlls/winhttp/request.c index 4103a84725f..f3f4cf85f8a 100644 --- a/dlls/winhttp/request.c +++ b/dlls/winhttp/request.c @@ -1093,11 +1093,28 @@ static void cache_connection( netconn_t *netconn ) LeaveCriticalSection( &connection_pool_cs ); } +static DWORD map_secure_protocols( DWORD mask ) +{ + DWORD ret = 0; + if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_SSL2) ret |= SP_PROT_SSL2_CLIENT; + if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_SSL3) ret |= SP_PROT_SSL3_CLIENT; + if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1) ret |= SP_PROT_TLS1_CLIENT; + if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1) ret |= SP_PROT_TLS1_1_CLIENT; + if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2) ret |= SP_PROT_TLS1_2_CLIENT; + return ret; +} + static BOOL ensure_cred_handle( session_t *session ) { + SCHANNEL_CRED cred; SECURITY_STATUS status; + if (session->cred_handle_initialized) return TRUE; - if ((status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL, NULL, + + memset( &cred, 0, sizeof(cred) ); + cred.dwVersion = SCHANNEL_CRED_VERSION; + cred.grbitEnabledProtocols = map_secure_protocols( session->secure_protocols ); + if ((status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL, &cred, NULL, NULL, &session->cred_handle, NULL )) != SEC_E_OK) { WARN( "AcquireCredentialsHandleW failed: 0x%08x\n", status ); diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c index a448869e3bb..b54e77bc4e9 100644 --- a/dlls/winhttp/session.c +++ b/dlls/winhttp/session.c @@ -184,6 +184,17 @@ static BOOL session_set_option( object_header_t *hdr, DWORD option, LPVOID buffe hdr->redirect_policy = policy; return TRUE; } + case WINHTTP_OPTION_SECURE_PROTOCOLS: + { + if (buflen != sizeof(session->secure_protocols)) + { + set_last_error( ERROR_INSUFFICIENT_BUFFER ); + return FALSE; + } + session->secure_protocols = *(DWORD *)buffer; + TRACE("0x%x\n", session->secure_protocols); + return TRUE; + } case WINHTTP_OPTION_DISABLE_FEATURE: set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE ); return FALSE; diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c index c9f5ecd7d40..2babe98c20f 100644 --- a/dlls/winhttp/tests/winhttp.c +++ b/dlls/winhttp/tests/winhttp.c @@ -974,7 +974,7 @@ static void test_secure_connection(void) { static const char data_start[] = "