diff options
authorKevin Smith <>2014-08-27 14:16:15 (GMT)
committerKevin Smith <>2015-06-10 20:29:05 (GMT)
commitb2093a372874aefb4f56f66a70a96f78d6cbbaec (patch)
treeab779a4cc7950339d2c2cb0261ae6a08df84c645 /Swiften/TLS/Schannel/SchannelContext.h
parentb6b0695643f932827add43b9de0e09ed74eb6799 (diff)
Add ability to limit SChannel to TLS 1.0
Some servers have very restrictive TLS stacks that respond badly to a bug in the SChannel TLS implementation, meaning that TLS has to be limited to 1.0. Add ClientOptions.tlsOptions. This is a method of passing options into the TLS stack. It's currently only used for the TLS 1.0 workaround in SChannel, but we might reasonably expose other options in the future, such as limiting cypher suites. Disables use of SSLv3 for SChannel Also updates the coding style in SchannelContext a bit. Test-Information: Compiles on both OS X and Windows(SChannel). OS X doesn't show the new option. Windows shows it, and remembers it between logins. Not tested against a server requiring 1.0 only, but a previous hack with the same approach was tested. Change-Id: I1e7854d43811fd173f21f98d4dc3915fc7a4b322
Diffstat (limited to 'Swiften/TLS/Schannel/SchannelContext.h')
1 files changed, 16 insertions, 15 deletions
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 3a068f2..19cc473 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -37,7 +37,7 @@ namespace Swift
typedef boost::shared_ptr<SchannelContext> sp_t;
- SchannelContext();
+ SchannelContext(bool tls1_0Workaround);
@@ -86,23 +86,24 @@ namespace Swift
- SchannelState m_state;
- boost::optional<CertificateVerificationError> m_verificationError;
+ SchannelState state_;
+ boost::optional<CertificateVerificationError> verificationError_;
- ULONG m_secContext;
- ScopedCredHandle m_credHandle;
- ScopedCtxtHandle m_ctxtHandle;
- DWORD m_ctxtFlags;
- SecPkgContext_StreamSizes m_streamSizes;
+ ULONG secContext_;
+ ScopedCredHandle credHandle_;
+ ScopedCtxtHandle contextHandle_;
+ DWORD contextFlags_;
+ SecPkgContext_StreamSizes streamSizes_;
- std::vector<char> m_receivedData;
+ std::vector<char> receivedData_;
- HCERTSTORE m_my_cert_store;
- std::string m_cert_store_name;
- std::string m_cert_name;
+ HCERTSTORE myCertStore_;
+ std::string certStoreName_;
+ std::string certName_;
////Not needed, most likely
- std::string m_smartcard_reader; //Can be empty string for non SmartCard certificates
- boost::shared_ptr<CAPICertificate> userCertificate;
- bool checkCertificateRevocation;
+ std::string smartCardReader_; //Can be empty string for non SmartCard certificates
+ boost::shared_ptr<CAPICertificate> userCertificate_;
+ bool checkCertificateRevocation_;
+ bool tls1_0Workaround_;