aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorgeorgeok <giorgos.n.oikonomou@gmail.com>2018-11-27 18:39:45 +0100
committerMarcel Raad <Marcel.Raad@teamviewer.com>2019-01-19 13:00:53 +0100
commit09662337441c40c23da7b557c4cceacd7cc3b76e (patch)
treedf3360379c43923dcef09e746aacf7b83b3fe25b /lib/vtls
parent6ee672970972a40603d8141293ca91c4d4854187 (diff)
ntlm_sspi: add support for channel binding
Windows extended potection (aka ssl channel binding) is required to login to ntlm IIS endpoint, otherwise the server returns 401 responses. Fixes #3280 Closes #3321
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/schannel.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ab7f83f46..af22ecbb6 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1414,6 +1414,16 @@ schannel_connect_common(struct connectdata *conn, int sockindex,
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = schannel_recv;
conn->send[sockindex] = schannel_send;
+
+#ifdef SECPKG_ATTR_ENDPOINT_BINDINGS
+ /* When SSPI is used in combination with Schannel
+ * we need the Schannel context to create the Schannel
+ * binding to pass the IIS extended protection checks.
+ * Available on Windows 7 or later.
+ */
+ conn->ntlm.sslContext = &BACKEND->ctxt->ctxt_handle;
+#endif
+
*done = TRUE;
}
else