secur32: Check for supported protocols when loading gnutls.

We mostly need to know if TLS1.3 is supported before attempting to handle it. It's just in gnutls backend now, so it will not be actually enabled yet. Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

secur32: Check for supported protocols when loading gnutls.
9dd0f8f4 · Jacek Caban · Alexandre Julliard · ea77ba04 · 9dd0f8f4
Commit 9dd0f8f4 authored Dec 07, 2018 by Jacek Caban Committed by Alexandre Julliard Dec 07, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 2 deletions

schannel_gnutls.c dlls/secur32/schannel_gnutls.c +36 -2

No files found.
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@@ -23,6 +23,7 @@
 #include "wine/port.h"

 #include <stdarg.h>
+#include <stdio.h>
 #ifdef SONAME_LIBGNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@@ -150,6 +151,7 @@ static const struct {
    DWORD enable_flag;
    const char *gnutls_flag;
 } protocol_priority_flags[] = {
+    {SP_PROT_TLS1_3_CLIENT, "VERS-TLS1.3"},
    {SP_PROT_TLS1_2_CLIENT, "VERS-TLS1.2"},
    {SP_PROT_TLS1_1_CLIENT, "VERS-TLS1.1"},
    {SP_PROT_TLS1_0_CLIENT, "VERS-TLS1.0"},
@@ -157,10 +159,41 @@ static const struct {
    /* {SP_PROT_SSL2_CLIENT} is not supported by GnuTLS */
 };

+static DWORD supported_protocols;
+
+static void check_supported_protocols(void)
+{
+    gnutls_session_t session;
+    char priority[64];
+    unsigned i;
+    int err;
+
+    err = pgnutls_init(&session, GNUTLS_CLIENT);
+    if (err != GNUTLS_E_SUCCESS)
+    {
+        pgnutls_perror(err);
+        return;
+    }
+
+    for(i = 0; i < ARRAY_SIZE(protocol_priority_flags); i++)
+    {
+        sprintf(priority, "NORMAL:-%s", protocol_priority_flags[i].gnutls_flag);
+        err = pgnutls_priority_set_direct(session, priority, NULL);
+        if (err == GNUTLS_E_SUCCESS)
+        {
+            TRACE("%s is supported\n", protocol_priority_flags[i].gnutls_flag);
+            supported_protocols |= protocol_priority_flags[i].enable_flag;
+        }
+        else
+            TRACE("%s is not supported\n", protocol_priority_flags[i].gnutls_flag);
+    }
+
+    pgnutls_deinit(session);
+}
+
 DWORD schan_imp_enabled_protocols(void)
 {
-    /* NOTE: No support for SSL 2.0 */
-    return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
+    return supported_protocols;
 }

 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
@@ -593,6 +626,7 @@ BOOL schan_imp_init(void)
        pgnutls_global_set_log_function(schan_gnutls_log);
    }

+    check_supported_protocols();
    return TRUE;

 fail: