diff options
author | Kevin Smith <git@kismith.co.uk> | 2014-08-27 14:16:15 (GMT) |
---|---|---|
committer | Kevin Smith <kevin.smith@isode.com> | 2015-06-10 20:29:05 (GMT) |
commit | b2093a372874aefb4f56f66a70a96f78d6cbbaec (patch) | |
tree | ab779a4cc7950339d2c2cb0261ae6a08df84c645 /Swiften/TLS/Schannel/SchannelContext.h | |
parent | b6b0695643f932827add43b9de0e09ed74eb6799 (diff) | |
download | swift-b2093a372874aefb4f56f66a70a96f78d6cbbaec.zip swift-b2093a372874aefb4f56f66a70a96f78d6cbbaec.tar.bz2 |
Add ability to limit SChannel to TLS 1.0
Some servers have very restrictive TLS stacks that respond badly
to a bug in the SChannel TLS implementation, meaning that TLS
has to be limited to 1.0.
Add ClientOptions.tlsOptions. This is a method of passing options into
the TLS stack. It's currently
only used for the TLS 1.0 workaround in SChannel, but we might reasonably
expose other options in the future, such as limiting cypher suites.
Disables use of SSLv3 for SChannel
Also updates the coding style in SchannelContext a bit.
Test-Information:
Compiles on both OS X and Windows(SChannel). OS X doesn't show the new
option. Windows shows it, and remembers it between logins. Not tested
against a server requiring 1.0 only, but a previous hack with the
same approach was tested.
Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
Diffstat (limited to 'Swiften/TLS/Schannel/SchannelContext.h')
-rw-r--r-- | Swiften/TLS/Schannel/SchannelContext.h | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h index 3a068f2..19cc473 100644 --- a/Swiften/TLS/Schannel/SchannelContext.h +++ b/Swiften/TLS/Schannel/SchannelContext.h @@ -37,7 +37,7 @@ namespace Swift typedef boost::shared_ptr<SchannelContext> sp_t; public: - SchannelContext(); + SchannelContext(bool tls1_0Workaround); ~SchannelContext(); @@ -86,23 +86,24 @@ namespace Swift }; - SchannelState m_state; - boost::optional<CertificateVerificationError> m_verificationError; + SchannelState state_; + boost::optional<CertificateVerificationError> verificationError_; - ULONG m_secContext; - ScopedCredHandle m_credHandle; - ScopedCtxtHandle m_ctxtHandle; - DWORD m_ctxtFlags; - SecPkgContext_StreamSizes m_streamSizes; + ULONG secContext_; + ScopedCredHandle credHandle_; + ScopedCtxtHandle contextHandle_; + DWORD contextFlags_; + SecPkgContext_StreamSizes streamSizes_; - std::vector<char> m_receivedData; + std::vector<char> receivedData_; - HCERTSTORE m_my_cert_store; - std::string m_cert_store_name; - std::string m_cert_name; + HCERTSTORE myCertStore_; + std::string certStoreName_; + std::string certName_; ////Not needed, most likely - std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates - boost::shared_ptr<CAPICertificate> userCertificate; - bool checkCertificateRevocation; + std::string smartCardReader_; //Can be empty string for non SmartCard certificates + boost::shared_ptr<CAPICertificate> userCertificate_; + bool checkCertificateRevocation_; + bool tls1_0Workaround_; }; } |