Commit c68b5eb8 authored by Hans Leidekker's avatar Hans Leidekker Committed by Alexandre Julliard

winhttp: Implement WINHTTP_OPTION_CLIENT_CERT_CONTEXT.

parent cffb77e9
......@@ -1527,25 +1527,28 @@ static DWORD map_secure_protocols( DWORD mask )
return ret;
}
static BOOL ensure_cred_handle( struct session *session )
static BOOL ensure_cred_handle( struct request *request )
{
SECURITY_STATUS status = SEC_E_OK;
if (session->cred_handle_initialized) return TRUE;
if (request->cred_handle_initialized) return TRUE;
EnterCriticalSection( &session->cs );
if (!session->cred_handle_initialized)
if (!request->cred_handle_initialized)
{
SCHANNEL_CRED cred;
memset( &cred, 0, sizeof(cred) );
cred.dwVersion = SCHANNEL_CRED_VERSION;
cred.grbitEnabledProtocols = map_secure_protocols( session->secure_protocols );
cred.grbitEnabledProtocols = map_secure_protocols( request->connect->session->secure_protocols );
if (request->client_cert)
{
cred.paCred = &request->client_cert;
cred.cCreds = 1;
}
status = AcquireCredentialsHandleW( NULL, (WCHAR *)UNISP_NAME_W, SECPKG_CRED_OUTBOUND, NULL,
&cred, NULL, NULL, &session->cred_handle, NULL );
&cred, NULL, NULL, &request->cred_handle, NULL );
if (status == SEC_E_OK)
session->cred_handle_initialized = TRUE;
request->cred_handle_initialized = TRUE;
}
LeaveCriticalSection( &session->cs );
if (status != SEC_E_OK)
{
......@@ -1686,9 +1689,9 @@ static BOOL open_connection( struct request *request )
CertFreeCertificateContext( request->server_cert );
request->server_cert = NULL;
if (!ensure_cred_handle( connect->session ) ||
if (!ensure_cred_handle( request ) ||
!netconn_secure_connect( netconn, connect->hostname, request->security_flags,
&connect->session->cred_handle, request->check_revocation ))
&request->cred_handle, request->check_revocation ))
{
heap_free( addressW );
netconn_close( netconn );
......
......@@ -81,7 +81,6 @@ static void session_destroy( struct object_header *hdr )
TRACE("%p\n", session);
if (session->unload_event) SetEvent( session->unload_event );
if (session->cred_handle_initialized) FreeCredentialsHandle( &session->cred_handle );
destroy_cookies( session );
session->cs.DebugInfo->Spare[0] = 0;
......@@ -610,7 +609,9 @@ static void request_destroy( struct object_header *hdr )
}
release_object( &request->connect->hdr );
if (request->cred_handle_initialized) FreeCredentialsHandle( &request->cred_handle );
CertFreeCertificateContext( request->server_cert );
CertFreeCertificateContext( request->client_cert );
destroy_authinfo( request->authinfo );
destroy_authinfo( request->proxy_authinfo );
......@@ -1000,14 +1001,39 @@ static BOOL request_set_option( struct object_header *hdr, DWORD option, void *b
return TRUE;
}
case WINHTTP_OPTION_CLIENT_CERT_CONTEXT:
{
const CERT_CONTEXT *cert;
if (!(hdr->flags & WINHTTP_FLAG_SECURE))
{
SetLastError( ERROR_WINHTTP_INCORRECT_HANDLE_STATE );
return FALSE;
}
FIXME("WINHTTP_OPTION_CLIENT_CERT_CONTEXT\n");
return TRUE;
if (!buffer)
{
CertFreeCertificateContext( request->client_cert );
request->client_cert = NULL;
}
else if (buflen >= sizeof(cert))
{
if (!(cert = CertDuplicateCertificateContext( buffer ))) return FALSE;
CertFreeCertificateContext( request->client_cert );
request->client_cert = cert;
}
else
{
SetLastError( ERROR_INVALID_PARAMETER );
return FALSE;
}
if (request->cred_handle_initialized)
{
FreeCredentialsHandle( &request->cred_handle );
request->cred_handle_initialized = FALSE;
}
return TRUE;
}
case WINHTTP_OPTION_ENABLE_FEATURE:
if(buflen == sizeof( DWORD ) && *(DWORD *)buffer == WINHTTP_ENABLE_SSL_REVOCATION)
{
......
......@@ -92,8 +92,6 @@ struct session
WCHAR *proxy_password;
struct list cookie_cache;
HANDLE unload_event;
CredHandle cred_handle;
BOOL cred_handle_initialized;
DWORD secure_protocols;
};
......@@ -182,6 +180,9 @@ struct request
DWORD security_flags;
BOOL check_revocation;
const CERT_CONTEXT *server_cert;
const CERT_CONTEXT *client_cert;
CredHandle cred_handle;
BOOL cred_handle_initialized;
int resolve_timeout;
int connect_timeout;
int send_timeout;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment