2 * Copyright 2008 Hans Leidekker for CodeWeavers
3 * Copyright 2013 Jacek Caban for CodeWeavers
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #define NONAMELESSUNION
30 #include "wine/debug.h"
31 #include "winhttp_private.h"
33 WINE_DEFAULT_DEBUG_CHANNEL(winhttp
);
35 static int sock_send(int fd
, const void *msg
, size_t len
, int flags
)
40 if ((ret
= send(fd
, msg
, len
, flags
)) == -1) WARN("send error %u\n", WSAGetLastError());
42 while(ret
== -1 && WSAGetLastError() == WSAEINTR
);
46 static int sock_recv(int fd
, void *msg
, size_t len
, int flags
)
51 if ((ret
= recv(fd
, msg
, len
, flags
)) == -1) WARN("recv error %u\n", WSAGetLastError());
53 while(ret
== -1 && WSAGetLastError() == WSAEINTR
);
57 static DWORD
netconn_verify_cert( PCCERT_CONTEXT cert
, WCHAR
*server
, DWORD security_flags
, BOOL check_revocation
)
59 HCERTSTORE store
= cert
->hCertStore
;
61 CERT_CHAIN_PARA chainPara
= { sizeof(chainPara
), { 0 } };
62 PCCERT_CHAIN_CONTEXT chain
;
63 char oid_server_auth
[] = szOID_PKIX_KP_SERVER_AUTH
;
64 char *server_auth
[] = { oid_server_auth
};
65 DWORD err
= ERROR_SUCCESS
;
67 TRACE("verifying %s\n", debugstr_w( server
));
68 chainPara
.RequestedUsage
.Usage
.cUsageIdentifier
= 1;
69 chainPara
.RequestedUsage
.Usage
.rgpszUsageIdentifier
= server_auth
;
70 ret
= CertGetCertificateChain( NULL
, cert
, NULL
, store
, &chainPara
,
71 check_revocation
? CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
: 0,
75 if (chain
->TrustStatus
.dwErrorStatus
)
77 static const DWORD supportedErrors
=
78 CERT_TRUST_IS_NOT_TIME_VALID
|
79 CERT_TRUST_IS_UNTRUSTED_ROOT
|
80 CERT_TRUST_IS_NOT_VALID_FOR_USAGE
;
82 if (chain
->TrustStatus
.dwErrorStatus
& CERT_TRUST_IS_NOT_TIME_VALID
)
84 if (!(security_flags
& SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
))
85 err
= ERROR_WINHTTP_SECURE_CERT_DATE_INVALID
;
87 else if (chain
->TrustStatus
.dwErrorStatus
&
88 CERT_TRUST_IS_UNTRUSTED_ROOT
)
90 if (!(security_flags
& SECURITY_FLAG_IGNORE_UNKNOWN_CA
))
91 err
= ERROR_WINHTTP_SECURE_INVALID_CA
;
93 else if ((chain
->TrustStatus
.dwErrorStatus
&
94 CERT_TRUST_IS_OFFLINE_REVOCATION
) ||
95 (chain
->TrustStatus
.dwErrorStatus
&
96 CERT_TRUST_REVOCATION_STATUS_UNKNOWN
))
97 err
= ERROR_WINHTTP_SECURE_CERT_REV_FAILED
;
98 else if (chain
->TrustStatus
.dwErrorStatus
& CERT_TRUST_IS_REVOKED
)
99 err
= ERROR_WINHTTP_SECURE_CERT_REVOKED
;
100 else if (chain
->TrustStatus
.dwErrorStatus
&
101 CERT_TRUST_IS_NOT_VALID_FOR_USAGE
)
103 if (!(security_flags
& SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
))
104 err
= ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE
;
106 else if (chain
->TrustStatus
.dwErrorStatus
& ~supportedErrors
)
107 err
= ERROR_WINHTTP_SECURE_INVALID_CERT
;
111 CERT_CHAIN_POLICY_PARA policyPara
;
112 SSL_EXTRA_CERT_CHAIN_POLICY_PARA sslExtraPolicyPara
;
113 CERT_CHAIN_POLICY_STATUS policyStatus
;
114 CERT_CHAIN_CONTEXT chainCopy
;
116 /* Clear chain->TrustStatus.dwErrorStatus so
117 * CertVerifyCertificateChainPolicy will verify additional checks
118 * rather than stopping with an existing, ignored error.
120 memcpy(&chainCopy
, chain
, sizeof(chainCopy
));
121 chainCopy
.TrustStatus
.dwErrorStatus
= 0;
122 sslExtraPolicyPara
.u
.cbSize
= sizeof(sslExtraPolicyPara
);
123 sslExtraPolicyPara
.dwAuthType
= AUTHTYPE_SERVER
;
124 sslExtraPolicyPara
.pwszServerName
= server
;
125 sslExtraPolicyPara
.fdwChecks
= security_flags
;
126 policyPara
.cbSize
= sizeof(policyPara
);
127 policyPara
.dwFlags
= 0;
128 policyPara
.pvExtraPolicyPara
= &sslExtraPolicyPara
;
129 ret
= CertVerifyCertificateChainPolicy( CERT_CHAIN_POLICY_SSL
,
130 &chainCopy
, &policyPara
,
132 /* Any error in the policy status indicates that the
133 * policy couldn't be verified.
135 if (ret
&& policyStatus
.dwError
)
137 if (policyStatus
.dwError
== CERT_E_CN_NO_MATCH
)
138 err
= ERROR_WINHTTP_SECURE_CERT_CN_INVALID
;
140 err
= ERROR_WINHTTP_SECURE_INVALID_CERT
;
143 CertFreeCertificateChain( chain
);
146 err
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
147 TRACE("returning %08x\n", err
);
151 static BOOL winsock_loaded
;
153 void netconn_unload( void )
155 if (winsock_loaded
) WSACleanup();
158 static BOOL WINAPI
winsock_startup( INIT_ONCE
*once
, void *param
, void **ctx
)
162 if (!(ret
= WSAStartup( MAKEWORD(1,1), &data
))) winsock_loaded
= TRUE
;
163 else ERR( "WSAStartup failed: %d\n", ret
);
167 static void winsock_init(void)
169 static INIT_ONCE once
= INIT_ONCE_STATIC_INIT
;
170 InitOnceExecuteOnce( &once
, winsock_startup
, NULL
, NULL
);
173 static void set_blocking( struct netconn
*conn
, BOOL blocking
)
175 ULONG state
= !blocking
;
176 ioctlsocket( conn
->socket
, FIONBIO
, &state
);
179 struct netconn
*netconn_create( struct hostdata
*host
, const struct sockaddr_storage
*sockaddr
, int timeout
)
181 struct netconn
*conn
;
182 unsigned int addr_len
;
187 conn
= heap_alloc_zero(sizeof(*conn
));
188 if (!conn
) return NULL
;
190 conn
->sockaddr
= *sockaddr
;
191 if ((conn
->socket
= socket( sockaddr
->ss_family
, SOCK_STREAM
, 0 )) == -1)
193 WARN("unable to create socket (%u)\n", WSAGetLastError());
198 switch (conn
->sockaddr
.ss_family
)
201 addr_len
= sizeof(struct sockaddr_in
);
204 addr_len
= sizeof(struct sockaddr_in6
);
207 ERR( "unhandled family %u\n", conn
->sockaddr
.ss_family
);
212 if (timeout
> 0) set_blocking( conn
, FALSE
);
214 if (!connect( conn
->socket
, (const struct sockaddr
*)&conn
->sockaddr
, addr_len
)) ret
= TRUE
;
217 DWORD err
= WSAGetLastError();
218 if (err
== WSAEWOULDBLOCK
|| err
== WSAEINPROGRESS
)
221 TIMEVAL timeval
= { 0, timeout
* 1000 };
225 FD_SET( conn
->socket
, &set
);
226 if ((res
= select( conn
->socket
+ 1, NULL
, &set
, NULL
, &timeval
)) > 0) ret
= TRUE
;
227 else if (!res
) SetLastError( ERROR_WINHTTP_TIMEOUT
);
231 if (timeout
> 0) set_blocking( conn
, TRUE
);
235 WARN("unable to connect to host (%u)\n", GetLastError());
236 closesocket( conn
->socket
);
243 void netconn_close( struct netconn
*conn
)
247 heap_free( conn
->peek_msg_mem
);
248 heap_free(conn
->ssl_buf
);
249 heap_free(conn
->extra_buf
);
250 DeleteSecurityContext(&conn
->ssl_ctx
);
252 closesocket( conn
->socket
);
253 release_host( conn
->host
);
257 BOOL
netconn_secure_connect( struct netconn
*conn
, WCHAR
*hostname
, DWORD security_flags
, CredHandle
*cred_handle
,
258 BOOL check_revocation
)
260 SecBuffer out_buf
= {0, SECBUFFER_TOKEN
, NULL
}, in_bufs
[2] = {{0, SECBUFFER_TOKEN
}, {0, SECBUFFER_EMPTY
}};
261 SecBufferDesc out_desc
= {SECBUFFER_VERSION
, 1, &out_buf
}, in_desc
= {SECBUFFER_VERSION
, 2, in_bufs
};
263 SIZE_T read_buf_size
= 2048;
267 const CERT_CONTEXT
*cert
;
268 SECURITY_STATUS status
;
269 DWORD res
= ERROR_SUCCESS
;
271 const DWORD isc_req_flags
= ISC_REQ_ALLOCATE_MEMORY
|ISC_REQ_USE_SESSION_KEY
|ISC_REQ_CONFIDENTIALITY
272 |ISC_REQ_SEQUENCE_DETECT
|ISC_REQ_REPLAY_DETECT
|ISC_REQ_MANUAL_CRED_VALIDATION
;
274 read_buf
= heap_alloc(read_buf_size
);
278 status
= InitializeSecurityContextW(cred_handle
, NULL
, hostname
, isc_req_flags
, 0, 0, NULL
, 0,
279 &ctx
, &out_desc
, &attrs
, NULL
);
281 assert(status
!= SEC_E_OK
);
283 while(status
== SEC_I_CONTINUE_NEEDED
|| status
== SEC_E_INCOMPLETE_MESSAGE
) {
284 if(out_buf
.cbBuffer
) {
285 assert(status
== SEC_I_CONTINUE_NEEDED
);
287 TRACE("sending %u bytes\n", out_buf
.cbBuffer
);
289 size
= sock_send(conn
->socket
, out_buf
.pvBuffer
, out_buf
.cbBuffer
, 0);
290 if(size
!= out_buf
.cbBuffer
) {
291 ERR("send failed\n");
292 res
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
296 FreeContextBuffer(out_buf
.pvBuffer
);
297 out_buf
.pvBuffer
= NULL
;
298 out_buf
.cbBuffer
= 0;
301 if(status
== SEC_I_CONTINUE_NEEDED
) {
302 assert(in_bufs
[1].cbBuffer
< read_buf_size
);
304 memmove(read_buf
, (BYTE
*)in_bufs
[0].pvBuffer
+in_bufs
[0].cbBuffer
-in_bufs
[1].cbBuffer
, in_bufs
[1].cbBuffer
);
305 in_bufs
[0].cbBuffer
= in_bufs
[1].cbBuffer
;
307 in_bufs
[1].BufferType
= SECBUFFER_EMPTY
;
308 in_bufs
[1].cbBuffer
= 0;
309 in_bufs
[1].pvBuffer
= NULL
;
312 assert(in_bufs
[0].BufferType
== SECBUFFER_TOKEN
);
313 assert(in_bufs
[1].BufferType
== SECBUFFER_EMPTY
);
315 if(in_bufs
[0].cbBuffer
+ 1024 > read_buf_size
) {
318 new_read_buf
= heap_realloc(read_buf
, read_buf_size
+ 1024);
320 status
= E_OUTOFMEMORY
;
324 in_bufs
[0].pvBuffer
= read_buf
= new_read_buf
;
325 read_buf_size
+= 1024;
328 size
= sock_recv(conn
->socket
, read_buf
+in_bufs
[0].cbBuffer
, read_buf_size
-in_bufs
[0].cbBuffer
, 0);
330 status
= ERROR_WINHTTP_SECURE_CHANNEL_ERROR
;
334 TRACE("recv %lu bytes\n", size
);
336 in_bufs
[0].cbBuffer
+= size
;
337 in_bufs
[0].pvBuffer
= read_buf
;
338 status
= InitializeSecurityContextW(cred_handle
, &ctx
, hostname
, isc_req_flags
, 0, 0, &in_desc
,
339 0, NULL
, &out_desc
, &attrs
, NULL
);
340 TRACE("InitializeSecurityContext ret %08x\n", status
);
342 if(status
== SEC_E_OK
) {
343 if(in_bufs
[1].BufferType
== SECBUFFER_EXTRA
)
344 FIXME("SECBUFFER_EXTRA not supported\n");
346 status
= QueryContextAttributesW(&ctx
, SECPKG_ATTR_STREAM_SIZES
, &conn
->ssl_sizes
);
347 if(status
!= SEC_E_OK
) {
348 WARN("Could not get sizes\n");
352 status
= QueryContextAttributesW(&ctx
, SECPKG_ATTR_REMOTE_CERT_CONTEXT
, (void*)&cert
);
353 if(status
== SEC_E_OK
) {
354 res
= netconn_verify_cert(cert
, hostname
, security_flags
, check_revocation
);
355 CertFreeCertificateContext(cert
);
356 if(res
!= ERROR_SUCCESS
) {
357 WARN("cert verify failed: %u\n", res
);
361 WARN("Could not get cert\n");
365 conn
->ssl_buf
= heap_alloc(conn
->ssl_sizes
.cbHeader
+ conn
->ssl_sizes
.cbMaximumMessage
+ conn
->ssl_sizes
.cbTrailer
);
367 res
= GetLastError();
375 if(status
!= SEC_E_OK
|| res
!= ERROR_SUCCESS
) {
376 WARN("Failed to initialize security context: %08x\n", status
);
377 heap_free(conn
->ssl_buf
);
378 conn
->ssl_buf
= NULL
;
379 DeleteSecurityContext(&ctx
);
380 SetLastError(res
? res
: ERROR_WINHTTP_SECURE_CHANNEL_ERROR
);
385 TRACE("established SSL connection\n");
391 static BOOL
send_ssl_chunk(struct netconn
*conn
, const void *msg
, size_t size
)
393 SecBuffer bufs
[4] = {
394 {conn
->ssl_sizes
.cbHeader
, SECBUFFER_STREAM_HEADER
, conn
->ssl_buf
},
395 {size
, SECBUFFER_DATA
, conn
->ssl_buf
+conn
->ssl_sizes
.cbHeader
},
396 {conn
->ssl_sizes
.cbTrailer
, SECBUFFER_STREAM_TRAILER
, conn
->ssl_buf
+conn
->ssl_sizes
.cbHeader
+size
},
397 {0, SECBUFFER_EMPTY
, NULL
}
399 SecBufferDesc buf_desc
= {SECBUFFER_VERSION
, ARRAY_SIZE(bufs
), bufs
};
402 memcpy(bufs
[1].pvBuffer
, msg
, size
);
403 res
= EncryptMessage(&conn
->ssl_ctx
, 0, &buf_desc
, 0);
404 if(res
!= SEC_E_OK
) {
405 WARN("EncryptMessage failed\n");
409 if(sock_send(conn
->socket
, conn
->ssl_buf
, bufs
[0].cbBuffer
+bufs
[1].cbBuffer
+bufs
[2].cbBuffer
, 0) < 1) {
410 WARN("send failed\n");
417 BOOL
netconn_send( struct netconn
*conn
, const void *msg
, size_t len
, int *sent
)
421 const BYTE
*ptr
= msg
;
427 chunk_size
= min(len
, conn
->ssl_sizes
.cbMaximumMessage
);
428 if(!send_ssl_chunk(conn
, ptr
, chunk_size
))
438 return ((*sent
= sock_send( conn
->socket
, msg
, len
, 0 )) != -1);
441 static BOOL
read_ssl_chunk(struct netconn
*conn
, void *buf
, SIZE_T buf_size
, SIZE_T
*ret_size
, BOOL
*eof
)
443 const SIZE_T ssl_buf_size
= conn
->ssl_sizes
.cbHeader
+conn
->ssl_sizes
.cbMaximumMessage
+conn
->ssl_sizes
.cbTrailer
;
445 SecBufferDesc buf_desc
= {SECBUFFER_VERSION
, ARRAY_SIZE(bufs
), bufs
};
446 SSIZE_T size
, buf_len
;
450 assert(conn
->extra_len
< ssl_buf_size
);
452 if(conn
->extra_len
) {
453 memcpy(conn
->ssl_buf
, conn
->extra_buf
, conn
->extra_len
);
454 buf_len
= conn
->extra_len
;
456 heap_free(conn
->extra_buf
);
457 conn
->extra_buf
= NULL
;
459 buf_len
= sock_recv(conn
->socket
, conn
->ssl_buf
+conn
->extra_len
, ssl_buf_size
-conn
->extra_len
, 0);
473 memset(bufs
, 0, sizeof(bufs
));
474 bufs
[0].BufferType
= SECBUFFER_DATA
;
475 bufs
[0].cbBuffer
= buf_len
;
476 bufs
[0].pvBuffer
= conn
->ssl_buf
;
478 res
= DecryptMessage(&conn
->ssl_ctx
, &buf_desc
, 0, NULL
);
482 case SEC_I_CONTEXT_EXPIRED
:
483 TRACE("context expired\n");
486 case SEC_E_INCOMPLETE_MESSAGE
:
487 assert(buf_len
< ssl_buf_size
);
489 size
= sock_recv(conn
->socket
, conn
->ssl_buf
+buf_len
, ssl_buf_size
-buf_len
, 0);
496 WARN("failed: %08x\n", res
);
499 } while(res
!= SEC_E_OK
);
501 for(i
= 0; i
< ARRAY_SIZE(bufs
); i
++) {
502 if(bufs
[i
].BufferType
== SECBUFFER_DATA
) {
503 size
= min(buf_size
, bufs
[i
].cbBuffer
);
504 memcpy(buf
, bufs
[i
].pvBuffer
, size
);
505 if(size
< bufs
[i
].cbBuffer
) {
506 assert(!conn
->peek_len
);
507 conn
->peek_msg_mem
= conn
->peek_msg
= heap_alloc(bufs
[i
].cbBuffer
- size
);
510 conn
->peek_len
= bufs
[i
].cbBuffer
-size
;
511 memcpy(conn
->peek_msg
, (char*)bufs
[i
].pvBuffer
+size
, conn
->peek_len
);
518 for(i
= 0; i
< ARRAY_SIZE(bufs
); i
++) {
519 if(bufs
[i
].BufferType
== SECBUFFER_EXTRA
) {
520 conn
->extra_buf
= heap_alloc(bufs
[i
].cbBuffer
);
524 conn
->extra_len
= bufs
[i
].cbBuffer
;
525 memcpy(conn
->extra_buf
, bufs
[i
].pvBuffer
, conn
->extra_len
);
532 BOOL
netconn_recv( struct netconn
*conn
, void *buf
, size_t len
, int flags
, int *recvd
)
535 if (!len
) return TRUE
;
544 *recvd
= min( len
, conn
->peek_len
);
545 memcpy( buf
, conn
->peek_msg
, *recvd
);
546 conn
->peek_len
-= *recvd
;
547 conn
->peek_msg
+= *recvd
;
549 if (conn
->peek_len
== 0)
551 heap_free( conn
->peek_msg_mem
);
552 conn
->peek_msg_mem
= NULL
;
553 conn
->peek_msg
= NULL
;
555 /* check if we have enough data from the peek buffer */
556 if (!(flags
& MSG_WAITALL
) || *recvd
== len
) return TRUE
;
561 res
= read_ssl_chunk(conn
, (BYTE
*)buf
+size
, len
-size
, &cread
, &eof
);
563 WARN("read_ssl_chunk failed\n");
575 }while(!size
|| ((flags
& MSG_WAITALL
) && size
< len
));
577 TRACE("received %ld bytes\n", size
);
581 return ((*recvd
= sock_recv( conn
->socket
, buf
, len
, flags
)) != -1);
584 ULONG
netconn_query_data_available( struct netconn
*conn
)
586 return conn
->secure
? conn
->peek_len
: 0;
589 DWORD
netconn_set_timeout( struct netconn
*netconn
, BOOL send
, int value
)
591 int opt
= send
? SO_SNDTIMEO
: SO_RCVTIMEO
;
592 if (setsockopt( netconn
->socket
, SOL_SOCKET
, opt
, (void *)&value
, sizeof(value
) ) == -1)
594 DWORD err
= WSAGetLastError();
595 WARN("setsockopt failed (%u)\n", err
);
598 return ERROR_SUCCESS
;
601 BOOL
netconn_is_alive( struct netconn
*netconn
)
607 set_blocking( netconn
, FALSE
);
608 len
= sock_recv( netconn
->socket
, &b
, 1, MSG_PEEK
);
609 err
= WSAGetLastError();
610 set_blocking( netconn
, TRUE
);
612 return len
== 1 || (len
== -1 && err
== WSAEWOULDBLOCK
);
615 static DWORD
resolve_hostname( const WCHAR
*name
, INTERNET_PORT port
, struct sockaddr_storage
*sa
)
617 ADDRINFOW
*res
, hints
;
620 memset( &hints
, 0, sizeof(hints
) );
621 /* Prefer IPv4 to IPv6 addresses, since some web servers do not listen on
622 * their IPv6 addresses even though they have IPv6 addresses in the DNS.
624 hints
.ai_family
= AF_INET
;
626 ret
= GetAddrInfoW( name
, NULL
, &hints
, &res
);
629 TRACE("failed to get IPv4 address of %s, retrying with IPv6\n", debugstr_w(name
));
630 hints
.ai_family
= AF_INET6
;
631 ret
= GetAddrInfoW( name
, NULL
, &hints
, &res
);
634 TRACE("failed to get address of %s\n", debugstr_w(name
));
635 return ERROR_WINHTTP_NAME_NOT_RESOLVED
;
638 memcpy( sa
, res
->ai_addr
, res
->ai_addrlen
);
639 switch (res
->ai_family
)
642 ((struct sockaddr_in
*)sa
)->sin_port
= htons( port
);
645 ((struct sockaddr_in6
*)sa
)->sin6_port
= htons( port
);
649 FreeAddrInfoW( res
);
650 return ERROR_SUCCESS
;
655 const WCHAR
*hostname
;
657 struct sockaddr_storage
*addr
;
662 static void CALLBACK
resolve_proc( TP_CALLBACK_INSTANCE
*instance
, void *ctx
)
664 struct async_resolve
*async
= ctx
;
665 async
->result
= resolve_hostname( async
->hostname
, async
->port
, async
->addr
);
666 SetEvent( async
->done
);
669 BOOL
netconn_resolve( WCHAR
*hostname
, INTERNET_PORT port
, struct sockaddr_storage
*addr
, int timeout
)
673 if (!timeout
) ret
= resolve_hostname( hostname
, port
, addr
);
676 struct async_resolve async
;
678 async
.hostname
= hostname
;
681 if (!(async
.done
= CreateEventW( NULL
, FALSE
, FALSE
, NULL
))) return FALSE
;
682 if (!TrySubmitThreadpoolCallback( resolve_proc
, &async
, NULL
))
684 CloseHandle( async
.done
);
687 if (WaitForSingleObject( async
.done
, timeout
) != WAIT_OBJECT_0
) ret
= ERROR_WINHTTP_TIMEOUT
;
688 else ret
= async
.result
;
689 CloseHandle( async
.done
);
700 const void *netconn_get_certificate( struct netconn
*conn
)
702 const CERT_CONTEXT
*ret
;
705 if (!conn
->secure
) return NULL
;
706 res
= QueryContextAttributesW(&conn
->ssl_ctx
, SECPKG_ATTR_REMOTE_CERT_CONTEXT
, (void*)&ret
);
707 return res
== SEC_E_OK
? ret
: NULL
;
710 int netconn_get_cipher_strength( struct netconn
*conn
)
712 SecPkgContext_ConnectionInfo conn_info
;
715 if (!conn
->secure
) return 0;
716 res
= QueryContextAttributesW(&conn
->ssl_ctx
, SECPKG_ATTR_CONNECTION_INFO
, (void*)&conn_info
);
718 WARN("QueryContextAttributesW failed: %08x\n", res
);
719 return res
== SEC_E_OK
? conn_info
.dwCipherStrength
: 0;