aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2016-06-06 20:53:30 +0100
committerSteve Holme <steve_holme@hotmail.com>2016-06-06 20:53:30 +0100
commit34855feeb4c2991f7a158064abef16829bd4425f (patch)
treef2da1b12aeb2f167b780dd7cc3a788e7be550e4a
parent84a48e5732d9dd0c98fda3597352e4b16f35a7ad (diff)
schannel: Disable ALPN on Windows < 8.1
Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL fails on Windows < 8.1 so we need to disable ALPN on these OS versions. Inspiration provide by: Daniel Seither Closes #848 Fixes #840
-rw-r--r--lib/vtls/schannel.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 23019f812..90b6addcf 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -64,8 +64,11 @@
#include "curl_memory.h"
#include "memdebug.h"
-/* ALPN requires version 8.1 of the Windows SDK, which was
- shipped with Visual Studio 2013, aka _MSC_VER 1800*/
+/* ALPN requires version 8.1 of the Windows SDK, which was
+ shipped with Visual Studio 2013, aka _MSC_VER 1800:
+
+ https://technet.microsoft.com/en-us/library/hh831771%28v=ws.11%29.aspx
+*/
#if defined(_MSC_VER) && (_MSC_VER >= 1800) && !defined(_USING_V110_SDK71_)
# define HAS_ALPN 1
#endif
@@ -245,7 +248,10 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
}
#ifdef HAS_ALPN
- if(conn->bits.tls_enable_alpn) {
+ /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above */
+ if(conn->bits.tls_enable_alpn &&
+ Curl_verify_windows_version(6, 3, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL)) {
int cur = 0;
int list_start_index = 0;
unsigned int* extension_len = NULL;
@@ -645,7 +651,10 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
}
#ifdef HAS_ALPN
- if(conn->bits.tls_enable_alpn) {
+ /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above */
+ if(conn->bits.tls_enable_alpn &&
+ Curl_verify_windows_version(6, 3, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL)) {
sspi_status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result);