schannel: Don't use SSLCopyPeerCertificates on Mac OS 10.4.

2011-10-26 22:57:30 -06:00 · 2011-10-26 22:57:30 -06:00 · 65634bca0b
parent 91c17c8399
commit 65634bca0b
4 changed files with 38 additions and 0 deletions
--- a/14
+++ b/14
@ -6499,6 +6499,20 @@ fi
    then
        SECURITYLIB="-framework Security -framework CoreFoundation"

+                ac_save_LIBS="$LIBS"
+        LIBS="$LIBS $SECURITYLIB"
+        for ac_func in SSLCopyPeerCertificates
+do :
+  ac_fn_c_check_func "$LINENO" "SSLCopyPeerCertificates" "ac_cv_func_SSLCopyPeerCertificates"
+if test "x$ac_cv_func_SSLCopyPeerCertificates" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SSLCOPYPEERCERTIFICATES 1
+_ACEOF
+
+fi
+done
+
+        LIBS="$ac_save_LIBS"
        with_gnutls=${with_gnutls:-no}
    fi
    if test "$ac_cv_header_CoreAudio_CoreAudio_h" = "yes" -a "$ac_cv_header_AudioUnit_AudioUnit_h" = "yes"
--- a/configure.ac
+++ b/configure.ac
@ -720,6 +720,11 @@ case $host_os in
    if test "$ac_cv_header_Security_Security_h" = "yes"
    then
        AC_SUBST(SECURITYLIB,"-framework Security -framework CoreFoundation")
+        dnl Check for the SSLCopyPeerCertificates function
+        ac_save_LIBS="$LIBS"
+        LIBS="$LIBS $SECURITYLIB"
+        AC_CHECK_FUNCS(SSLCopyPeerCertificates)
+        LIBS="$ac_save_LIBS"
        with_gnutls=${with_gnutls:-no}
    fi
    if test "$ac_cv_header_CoreAudio_CoreAudio_h" = "yes" -a "$ac_cv_header_AudioUnit_AudioUnit_h" = "yes"
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@ -670,6 +670,13 @@ SECURITY_STATUS schan_imp_get_connection_info(schan_imp_session session,
    return SEC_E_OK;
 }

+#ifndef HAVE_SSLCOPYPEERCERTIFICATES
+static void schan_imp_cf_release(const void *arg, void *ctx)
+{
+    CFRelease(arg);
+}
+#endif
+
 SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session,
                                                       PCCERT_CONTEXT *cert)
 {
@ -680,7 +687,11 @@ SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session

    TRACE("(%p/%p, %p)\n", s, s->context, cert);

+#ifdef HAVE_SSLCOPYPEERCERTIFICATES
    status = SSLCopyPeerCertificates(s->context, &certs);
+#else
+    status = SSLGetPeerCertificates(s->context, &certs);
+#endif
    if (status == noErr && certs)
    {
        SecCertificateRef mac_cert;
@ -702,6 +713,11 @@ SECURITY_STATUS schan_imp_get_session_peer_certificate(schan_imp_session session
        }
        else
            WARN("Couldn't extract certificate data\n");
+#ifndef HAVE_SSLCOPYPEERCERTIFICATES
+        /* This is why SSLGetPeerCertificates was deprecated */
+        CFArrayApplyFunction(certs, CFRangeMake(0, CFArrayGetCount(certs)),
+                             schan_imp_cf_release, NULL);
+#endif
        CFRelease(certs);
    }
    else
--- a/include/config.h.in
+++ b/include/config.h.in
@ -746,6 +746,9 @@
 /* Define to 1 if the system has the type `ssize_t'. */
 #undef HAVE_SSIZE_T

+/* Define to 1 if you have the `SSLCopyPeerCertificates' function. */
+#undef HAVE_SSLCOPYPEERCERTIFICATES
+
 /* Define to 1 if you have the `statfs' function. */
 #undef HAVE_STATFS