secur32: Check for supported protocols when loading gnutls.
We mostly need to know if TLS1.3 is supported before attempting to handle it. It's just in gnutls backend now, so it will not be actually enabled yet. Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>
parent
ea77ba04f3
commit
9dd0f8f4b7
|
@ -23,6 +23,7 @@
|
||||||
#include "wine/port.h"
|
#include "wine/port.h"
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include <stdio.h>
|
||||||
#ifdef SONAME_LIBGNUTLS
|
#ifdef SONAME_LIBGNUTLS
|
||||||
#include <gnutls/gnutls.h>
|
#include <gnutls/gnutls.h>
|
||||||
#include <gnutls/crypto.h>
|
#include <gnutls/crypto.h>
|
||||||
|
@ -150,6 +151,7 @@ static const struct {
|
||||||
DWORD enable_flag;
|
DWORD enable_flag;
|
||||||
const char *gnutls_flag;
|
const char *gnutls_flag;
|
||||||
} protocol_priority_flags[] = {
|
} protocol_priority_flags[] = {
|
||||||
|
{SP_PROT_TLS1_3_CLIENT, "VERS-TLS1.3"},
|
||||||
{SP_PROT_TLS1_2_CLIENT, "VERS-TLS1.2"},
|
{SP_PROT_TLS1_2_CLIENT, "VERS-TLS1.2"},
|
||||||
{SP_PROT_TLS1_1_CLIENT, "VERS-TLS1.1"},
|
{SP_PROT_TLS1_1_CLIENT, "VERS-TLS1.1"},
|
||||||
{SP_PROT_TLS1_0_CLIENT, "VERS-TLS1.0"},
|
{SP_PROT_TLS1_0_CLIENT, "VERS-TLS1.0"},
|
||||||
|
@ -157,10 +159,41 @@ static const struct {
|
||||||
/* {SP_PROT_SSL2_CLIENT} is not supported by GnuTLS */
|
/* {SP_PROT_SSL2_CLIENT} is not supported by GnuTLS */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static DWORD supported_protocols;
|
||||||
|
|
||||||
|
static void check_supported_protocols(void)
|
||||||
|
{
|
||||||
|
gnutls_session_t session;
|
||||||
|
char priority[64];
|
||||||
|
unsigned i;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
err = pgnutls_init(&session, GNUTLS_CLIENT);
|
||||||
|
if (err != GNUTLS_E_SUCCESS)
|
||||||
|
{
|
||||||
|
pgnutls_perror(err);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
for(i = 0; i < ARRAY_SIZE(protocol_priority_flags); i++)
|
||||||
|
{
|
||||||
|
sprintf(priority, "NORMAL:-%s", protocol_priority_flags[i].gnutls_flag);
|
||||||
|
err = pgnutls_priority_set_direct(session, priority, NULL);
|
||||||
|
if (err == GNUTLS_E_SUCCESS)
|
||||||
|
{
|
||||||
|
TRACE("%s is supported\n", protocol_priority_flags[i].gnutls_flag);
|
||||||
|
supported_protocols |= protocol_priority_flags[i].enable_flag;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
TRACE("%s is not supported\n", protocol_priority_flags[i].gnutls_flag);
|
||||||
|
}
|
||||||
|
|
||||||
|
pgnutls_deinit(session);
|
||||||
|
}
|
||||||
|
|
||||||
DWORD schan_imp_enabled_protocols(void)
|
DWORD schan_imp_enabled_protocols(void)
|
||||||
{
|
{
|
||||||
/* NOTE: No support for SSL 2.0 */
|
return supported_protocols;
|
||||||
return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
|
BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
|
||||||
|
@ -593,6 +626,7 @@ BOOL schan_imp_init(void)
|
||||||
pgnutls_global_set_log_function(schan_gnutls_log);
|
pgnutls_global_set_log_function(schan_gnutls_log);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_supported_protocols();
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
|
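Review bot: In check_supported_protocols(), a pgnutls_init() failure only calls pgnutls_perror() and returns, so supported_protocols stays 0 while schan_imp_init() still returns TRUE; schan_imp_enabled_protocols() then reports no protocols at all, where it previously returned a fixed mask. Consider having the probe return BOOL and using `if (!check_supported_protocols()) goto fail;` in schan_imp_init(); the cleanup under `fail:` lies outside the hunk, so confirm it is safe to reach from that point. The probe string is built with an unbounded `sprintf` into `char priority[64]`; the table entries visible here are short, but `snprintf(priority, sizeof(priority), "NORMAL:-%s", protocol_priority_flags[i].gnutls_flag);` keeps it safe if a longer flag is ever added. A comment above the loop would also help, e.g. `/* a version keyword unknown to this GnuTLS makes priority_set_direct fail, so success means the library knows the protocol */`. That test presumably does not show the protocol is still permitted by the system's crypto policy, so callers should not treat the mask as a guarantee that a handshake with that version will succeed.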