WLog_VRB(TAG, "InitializeSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
+
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
{
- if (ntlm->table->CompleteAuthToken)
+ if ((status != SEC_E_OK) && ntlm->table->CompleteAuthToken)
{
SECURITY_STATUS cStatus;
+
cStatus = ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
+
if (cStatus != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
- GetSecurityStatusString(cStatus), cStatus);
+ GetSecurityStatusString(cStatus), cStatus);
return FALSE;
}
}
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
+
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
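Review bot: With the new condition, a status of SEC_I_COMPLETE_NEEDED or SEC_I_COMPLETE_AND_CONTINUE combined with a NULL `ntlm->table->CompleteAuthToken` skips the completion step without any log and carries on to QueryContextAttributes as though the token were final. A provider that asks for completion but offers no way to perform it should fail the exchange, for example `if ((status != SEC_E_OK) && !ntlm->table->CompleteAuthToken) return FALSE;` ahead of the existing branch, with a WLog_ERR naming the status. Note also that `status` is overwritten by the QueryContextAttributes result a few lines later, so any code after this hunk that still needs the InitializeSecurityContext outcome would have to save it in a separate variable first; the rest of the function is not visible here.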
int tls_do_handshake(rdpTls* tls, BOOL clientMode)
{
CryptoCert cert;
- int verify_status, status;
+ int verify_status;
do
{
#ifdef HAVE_POLL_H
+ int fd;
+ int status;
struct pollfd pollfds;
-#else
- struct timeval tv;
+#elif !defined(_WIN32)
+ int fd;
+ int status;
fd_set rset;
+ struct timeval tv;
+#else
+ HANDLE event;
+ DWORD status;
#endif
- int fd;
status = BIO_do_handshake(tls->bio);
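Review bot: In the Windows branch `status` is declared as `DWORD`, yet the same variable receives the `int` result of `BIO_do_handshake(tls->bio)` on the line after the `#endif`, so a negative handshake result becomes a large unsigned value and any signed comparison on it stops working on that platform. Keeping `int status;` for the handshake on every platform and adding a separate `DWORD waitStatus;` for the WaitForSingleObject result would avoid the mixed meaning. The three declaration branches are also keyed on `HAVE_POLL_H` first, while the later hunks switch on `_WIN32` alone; a Windows build that defines HAVE_POLL_H would reach `BIO_get_event(tls->bio, &event)` with no `event` declared, so either order the chain with `_WIN32` first or add a comment stating that the two are assumed mutually exclusive. The function body continues outside this hunk.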
if (!BIO_should_retry(tls->bio))
return -1;
+#ifndef _WIN32
/* we select() only for read even if we should test both read and write
* depending of what have blocked */
fd = BIO_get_fd(tls->bio, NULL);
WLog_ERR(TAG, "unable to retrieve BIO fd");
return -1;
}
+#else
+ BIO_get_event(tls->bio, &event);
+
+ if (!event)
+ {
+ WLog_ERR(TAG, "unable to retrieve BIO event");
+ return -1;
+ }
+#endif
#ifdef HAVE_POLL_H
pollfds.fd = fd;
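Review bot: `event` is read by `if (!event)` without having been initialised, so the check is only meaningful if BIO_get_event always writes its output; should the control call be unsupported by the underlying BIO (an assumption, its implementation is not shown), the handle is indeterminate and may pass the test. Setting `event = NULL;` immediately before `BIO_get_event(tls->bio, &event);`, or initialising it at its declaration, makes the failure path reliable. The declaration sits in an earlier hunk and the enclosing loop continues past this one.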
status = poll(&pollfds, 1, 10 * 1000);
}
while ((status < 0) && (errno == EINTR));
-#else
+#elif !defined(_WIN32)
FD_ZERO(&rset);
FD_SET(fd, &rset);
tv.tv_sec = 0;
tv.tv_usec = 10 * 1000; /* 10ms */
status = _select(fd + 1, &rset, NULL, NULL, &tv);
+#else
+ status = WaitForSingleObject(event, 10);
#endif
+
+#ifndef _WIN32
if (status < 0)
{
WLog_ERR(TAG, "error during select()");
return -1;
}
+#else
+ if ((status != WAIT_OBJECT_0) && (status != WAIT_TIMEOUT))
+ {
+ WLog_ERR(TAG, "error during WaitForSingleObject(): 0x%04X", status);
+ return -1;
+ }
+#endif
}
while (TRUE);
cert = tls_get_certificate(tls, clientMode);
+
if (!cert)
{
WLog_ERR(TAG, "tls_get_certificate failed to return the server certificate.");
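Review bot: A WAIT_TIMEOUT from `WaitForSingleObject(event, 10)` is accepted alongside WAIT_OBJECT_0 and the `do … while (TRUE)` loop simply goes round again, so in the lines visible here nothing limits how long a peer that never completes the handshake can keep this thread waiting. The select() branch behaves the same way, and the poll() branch waits `10 * 1000` ms per pass rather than 10 ms, so the three platforms do not even agree on the per-iteration wait. Consider an overall deadline checked once per iteration, for example `if (now - start > HANDSHAKE_TIMEOUT_MS) return -1;` with `start` taken before the loop from a monotonic tick source (HANDSHAKE_TIMEOUT_MS is a placeholder name, not an existing constant). On the Windows failure path it would also help to log `GetLastError()`, since the wait status alone does not say why the wait failed. The loop opens in an earlier hunk and its exit condition is not visible here.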
}
tls->Bindings = tls_get_channel_bindings(cert->px509);
+
if (!tls->Bindings)
{
WLog_ERR(TAG, "unable to retrieve bindings");
goto out;
}
- /* Note: server-side NLA needs public keys (keys from us, the server) but no
- * certificate verify
- */
+ /* server-side NLA needs public keys (keys from us, the server) but no certificate verify */
verify_status = 1;
+
if (clientMode)
{
verify_status = tls_verify_certificate(tls, cert, tls->hostname, tls->port);