From c51880149551e54f29ca39970080c0ac94c2d859 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Thu, 13 Jun 2013 15:50:38 +0200
Subject: [PATCH] secur32: Set the SSL server name to enable the SNI extension.
---
 dlls/secur32/schannel.c | 12 ++++++++++++
 dlls/secur32/schannel_gnutls.c | 9 +++++++++
 dlls/secur32/schannel_macosx.c | 9 +++++++++
 dlls/secur32/secur32_priv.h | 1 +
 4 files changed, 31 insertions(+)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index ecc189d6f3f..240062fea98 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -825,6 +825,18 @@ static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
 return SEC_E_INTERNAL_ERROR;
 }
+ if (pszTargetName)
+ {
+ UINT len = WideCharToMultiByte( CP_UNIXCP, 0, pszTargetName, -1, NULL, 0, NULL, NULL );
+ char *target = HeapAlloc( GetProcessHeap(), 0, len );
+
+ if (target)
+ {
+ WideCharToMultiByte( CP_UNIXCP, 0, pszTargetName, -1, target, len, NULL, NULL );
+ schan_imp_set_session_target( ctx->session, target );
+ HeapFree( GetProcessHeap(), 0, target );
+ }
+ }
 phNewContext->dwLower = handle;
 phNewContext->dwUpper = 0;
 }
diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c
index cbe64e863bf..ed9bfde09d2 100644
--- a/dlls/secur32/schannel_gnutls.c
+++ b/dlls/secur32/schannel_gnutls.c
@@ -66,6 +66,7 @@ MAKE_FUNCPTR(gnutls_priority_set_direct);
 MAKE_FUNCPTR(gnutls_record_get_max_size);
 MAKE_FUNCPTR(gnutls_record_recv);
 MAKE_FUNCPTR(gnutls_record_send);
+MAKE_FUNCPTR(gnutls_server_name_set);
 MAKE_FUNCPTR(gnutls_transport_get_ptr);
 MAKE_FUNCPTR(gnutls_transport_set_errno);
 MAKE_FUNCPTR(gnutls_transport_set_ptr);
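Review bot: In the `pszTargetName` block added to schan_InitializeSecurityContextW (dlls/secur32/schannel.c), the result of the sizing `WideCharToMultiByte` call is not checked before it is used as the allocation size. If that call fails and `len` is 0, `HeapAlloc` can still return a non-NULL zero-byte block, the second conversion writes nothing, and both backends then run `strlen(target)` over uninitialised heap memory. Guarding the allocation, e.g. `char *target = len ? HeapAlloc( GetProcessHeap(), 0, len ) : NULL;`, closes that path. Separately, the name is converted with `CP_UNIXCP`, so a non-ASCII target would presumably reach the SNI extension as raw locale bytes rather than an A-label; a comment or an ASCII-only check would make the intended behaviour explicit. The function body starts and ends outside the hunk.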
@@ -182,6 +183,13 @@ void schan_imp_set_session_transport(schan_imp_session session,
 pgnutls_transport_set_ptr(s, (gnutls_transport_ptr_t)t);
 }
+void schan_imp_set_session_target(schan_imp_session session, const char *target)
+{
+ gnutls_session_t s = (gnutls_session_t)session;
+
+ pgnutls_server_name_set( s, GNUTLS_NAME_DNS, target, strlen(target) );
+}
+
 SECURITY_STATUS schan_imp_handshake(schan_imp_session session)
 {
 gnutls_session_t s = (gnutls_session_t)session;
@@ -491,6 +499,7 @@ BOOL schan_imp_init(void)
 LOAD_FUNCPTR(gnutls_record_get_max_size);
 LOAD_FUNCPTR(gnutls_record_recv);
 LOAD_FUNCPTR(gnutls_record_send);
+ LOAD_FUNCPTR(gnutls_server_name_set)
 LOAD_FUNCPTR(gnutls_transport_get_ptr)
 LOAD_FUNCPTR(gnutls_transport_set_errno)
 LOAD_FUNCPTR(gnutls_transport_set_ptr)
diff --git a/dlls/secur32/schannel_macosx.c b/dlls/secur32/schannel_macosx.c
index 9463c94c8ff..5d8822305e4 100644
--- a/dlls/secur32/schannel_macosx.c
+++ b/dlls/secur32/schannel_macosx.c
@@ -734,6 +734,15 @@ void schan_imp_set_session_transport(schan_imp_session session,
 s->transport = t;
 }
+void schan_imp_set_session_target(schan_imp_session session, const char *target)
+{
+ struct mac_session *s = (struct mac_session*)session;
+
+ TRACE("(%p/%p, %s)\n", s, s->context, debugstr_a(target));
+
+ SSLSetPeerDomainName( s->context, target, strlen(target) );
+}
+
 SECURITY_STATUS schan_imp_handshake(schan_imp_session session)
 {
 struct mac_session *s = (struct mac_session*)session;
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index dc08429b672..ea1fcfb6d75 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
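Review bot: `schan_imp_set_session_target` in dlls/secur32/schannel_gnutls.c discards the return value of `pgnutls_server_name_set`, so a rejected name leaves the handshake running without SNI and nothing in the log explains why a virtual-hosted server answered with its default certificate. Since the function is declared `void`, at least log the failure: `int ret = pgnutls_server_name_set( s, GNUTLS_NAME_DNS, target, strlen(target) );` followed by `if (ret) WARN("gnutls_server_name_set failed: %d\n", ret);`. The macOS hunk in dlls/secur32/schannel_macosx.c has the same gap with the `OSStatus` returned by `SSLSetPeerDomainName`. A `TRACE` of the target, as the macOS version has, would also keep the two backends consistent.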
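Review bot: The new `schan_imp_set_session_target` in dlls/secur32/schannel_macosx.c carries no comment on what `SSLSetPeerDomainName` does beyond enabling SNI. In Secure Transport the peer domain name is also used to match the certificate's host name when the library's own certificate verification is enabled, which `gnutls_server_name_set` in the GnuTLS counterpart does not do, so the two backends may differ in more than the ClientHello. Whether verification is enabled for this context is not visible in the hunk; I would add a comment such as `/* also used for peer name matching if Secure Transport cert verification is on */` above the call.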
@@ -247,6 +247,7 @@ extern BOOL schan_imp_create_session(schan_imp_session *session, schan_credentia
 extern void schan_imp_dispose_session(schan_imp_session session) DECLSPEC_HIDDEN;
 extern void schan_imp_set_session_transport(schan_imp_session session, struct schan_transport *t) DECLSPEC_HIDDEN;
+extern void schan_imp_set_session_target(schan_imp_session session, const char *target) DECLSPEC_HIDDEN;
 extern SECURITY_STATUS schan_imp_handshake(schan_imp_session session) DECLSPEC_HIDDEN;
 extern unsigned int schan_imp_get_session_cipher_block_size(schan_imp_session session) DECLSPEC_HIDDEN;
 extern unsigned int schan_imp_get_max_message_size(schan_imp_session session) DECLSPEC_HIDDEN;
-- 2.11.4.GIT