ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Pass enabled protocols to Mac Secure Transport.

This commit is contained in:
Jacek Caban 2013-03-30 16:25:44 +01:00 committed by Alexandre Julliard
parent 66f80b57a4
commit 8036bd14f9
1 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
dlls/secur32/schannel_macosx.c
View File

@ -630,15 +630,28 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
return ret; return ret;
} }
static const struct {
DWORD enable_flag;
SSLProtocol mac_version;
} protocol_priority_flags[] = {
{SP_PROT_TLS1_2_CLIENT, kTLSProtocol12},
{SP_PROT_TLS1_1_CLIENT, kTLSProtocol11},
{SP_PROT_TLS1_0_CLIENT, kTLSProtocol1},
{SP_PROT_SSL3_CLIENT, kSSLProtocol3},
{SP_PROT_SSL2_CLIENT, kSSLProtocol2}
};
static DWORD supported_protocols;
DWORD schan_imp_enabled_protocols(void) DWORD schan_imp_enabled_protocols(void)
{ {
/* NOTE: No support for TLS 1.1 and TLS 1.2 */ return supported_protocols;
return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
} }
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred) BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
{ {
struct mac_session *s; struct mac_session *s;
unsigned i;
OSStatus status; OSStatus status;
TRACE("(%p)\n", session); TRACE("(%p)\n", session);
@ -668,12 +681,18 @@ BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cre
goto fail; goto fail;
} }
status = SSLSetProtocolVersionEnabled(s->context, kSSLProtocol2, FALSE); for(i=0; i < sizeof(protocol_priority_flags)/sizeof(*protocol_priority_flags); i++) {
if(!(protocol_priority_flags[i].enable_flag & supported_protocols))
continue;
status = SSLSetProtocolVersionEnabled(s->context, protocol_priority_flags[i].mac_version,
(cred->enabled_protocols & protocol_priority_flags[i].enable_flag) != 0);
if (status != noErr) if (status != noErr)
{ {
ERR("Failed to disable SSL version 2: %ld\n", (long)status); ERR("Failed to set SSL version %d: %ld\n", protocol_priority_flags[i].mac_version, (long)status);
goto fail; goto fail;
} }
}
status = SSLSetIOFuncs(s->context, schan_pull_adapter, schan_push_adapter); status = SSLSetIOFuncs(s->context, schan_pull_adapter, schan_push_adapter);
if (status != noErr) if (status != noErr)
@ -984,6 +1003,13 @@ void schan_imp_free_certificate_credentials(schan_credentials *c)
BOOL schan_imp_init(void) BOOL schan_imp_init(void)
{ {
TRACE("()\n"); TRACE("()\n");
supported_protocols = SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
#if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
/* FIXME: Test max allowed version for TLS 1.1 and TLS 1.2 */
#endif
return TRUE; return TRUE;
} }