winhttp: Implement WINHTTP_OPTION_SECURE_PROTOCOLS.

Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Hans Leidekker 2017-09-12 09:59:06 +02:00 committed by Alexandre Julliard
parent d71fcc93e4
commit 2b77b0bb6b
5 changed files with 44 additions and 6 deletions

View File

@ -1093,11 +1093,28 @@ static void cache_connection( netconn_t *netconn )
LeaveCriticalSection( &connection_pool_cs ); LeaveCriticalSection( &connection_pool_cs );
} }
static DWORD map_secure_protocols( DWORD mask )
{
DWORD ret = 0;
if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_SSL2) ret |= SP_PROT_SSL2_CLIENT;
if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_SSL3) ret |= SP_PROT_SSL3_CLIENT;
if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1) ret |= SP_PROT_TLS1_CLIENT;
if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1) ret |= SP_PROT_TLS1_1_CLIENT;
if (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2) ret |= SP_PROT_TLS1_2_CLIENT;
return ret;
}
static BOOL ensure_cred_handle( session_t *session ) static BOOL ensure_cred_handle( session_t *session )
{ {
SCHANNEL_CRED cred;
SECURITY_STATUS status; SECURITY_STATUS status;
if (session->cred_handle_initialized) return TRUE; if (session->cred_handle_initialized) return TRUE;
if ((status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL, NULL,
memset( &cred, 0, sizeof(cred) );
cred.dwVersion = SCHANNEL_CRED_VERSION;
cred.grbitEnabledProtocols = map_secure_protocols( session->secure_protocols );
if ((status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL, &cred,
NULL, NULL, &session->cred_handle, NULL )) != SEC_E_OK) NULL, NULL, &session->cred_handle, NULL )) != SEC_E_OK)
{ {
WARN( "AcquireCredentialsHandleW failed: 0x%08x\n", status ); WARN( "AcquireCredentialsHandleW failed: 0x%08x\n", status );

View File

@ -184,6 +184,17 @@ static BOOL session_set_option( object_header_t *hdr, DWORD option, LPVOID buffe
hdr->redirect_policy = policy; hdr->redirect_policy = policy;
return TRUE; return TRUE;
} }
case WINHTTP_OPTION_SECURE_PROTOCOLS:
{
if (buflen != sizeof(session->secure_protocols))
{
set_last_error( ERROR_INSUFFICIENT_BUFFER );
return FALSE;
}
session->secure_protocols = *(DWORD *)buffer;
TRACE("0x%x\n", session->secure_protocols);
return TRUE;
}
case WINHTTP_OPTION_DISABLE_FEATURE: case WINHTTP_OPTION_DISABLE_FEATURE:
set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE ); set_last_error( ERROR_WINHTTP_INCORRECT_HANDLE_TYPE );
return FALSE; return FALSE;

View File

@ -974,7 +974,7 @@ static void test_secure_connection(void)
{ {
static const char data_start[] = "<!DOCTYPE html PUBLIC"; static const char data_start[] = "<!DOCTYPE html PUBLIC";
HINTERNET ses, con, req; HINTERNET ses, con, req;
DWORD size, status, policy, bitness, read_size, err, available_size; DWORD size, status, policy, bitness, read_size, err, available_size, protocols;
BOOL ret; BOOL ret;
CERT_CONTEXT *cert; CERT_CONTEXT *cert;
WINHTTP_CERTIFICATE_INFO info; WINHTTP_CERTIFICATE_INFO info;
@ -987,6 +987,11 @@ static void test_secure_connection(void)
ret = WinHttpSetOption(ses, WINHTTP_OPTION_REDIRECT_POLICY, &policy, sizeof(policy)); ret = WinHttpSetOption(ses, WINHTTP_OPTION_REDIRECT_POLICY, &policy, sizeof(policy));
ok(ret, "failed to set redirect policy %u\n", GetLastError()); ok(ret, "failed to set redirect policy %u\n", GetLastError());
protocols = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
ret = WinHttpSetOption(ses, WINHTTP_OPTION_SECURE_PROTOCOLS, &protocols, sizeof(protocols));
err = GetLastError();
ok(ret || (!ret && err == ERROR_INVALID_PARAMETER) /* < win7 */, "failed to set protocols %u\n", err);
con = WinHttpConnect(ses, test_winehq, 443, 0); con = WinHttpConnect(ses, test_winehq, 443, 0);
ok(con != NULL, "failed to open a connection %u\n", GetLastError()); ok(con != NULL, "failed to open a connection %u\n", GetLastError());

View File

@ -122,6 +122,7 @@ typedef struct
HANDLE unload_event; HANDLE unload_event;
CredHandle cred_handle; CredHandle cred_handle;
BOOL cred_handle_initialized; BOOL cred_handle_initialized;
DWORD secure_protocols;
} session_t; } session_t;
typedef struct typedef struct

View File

@ -440,10 +440,14 @@ typedef int INTERNET_SCHEME, *LPINTERNET_SCHEME;
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE 0x00000040 #define WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE 0x00000040
#define WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR 0x80000000 #define WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR 0x80000000
#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 0x00000008 #define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 0x00000008
#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 0x00000020 #define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 0x00000020
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 0x00000080 #define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 0x00000080
#define WINHTTP_FLAG_SECURE_PROTOCOL_ALL (WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 | WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1) #define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 0x00000200
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#define WINHTTP_FLAG_SECURE_PROTOCOL_ALL (WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 |\
WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 |\
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1)
#define WINHTTP_AUTH_SCHEME_BASIC 0x00000001 #define WINHTTP_AUTH_SCHEME_BASIC 0x00000001
#define WINHTTP_AUTH_SCHEME_NTLM 0x00000002 #define WINHTTP_AUTH_SCHEME_NTLM 0x00000002