diff options
author | liamwhite <liamwhite@users.noreply.github.com> | 2023-08-26 00:02:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-26 00:02:32 +0200 |
commit | 234cc45192cc854a2b1897bd90af86a66ff59ae4 (patch) | |
tree | fd3fbed6573a2ab7c55dd71aab3c2ac86353cded /src/core/hle/service/ssl | |
parent | registered_cache: create fake CNMT entries for program updates of multiprogram applications (#11319) (diff) | |
download | yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar.gz yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar.bz2 yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar.lz yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar.xz yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.tar.zst yuzu-234cc45192cc854a2b1897bd90af86a66ff59ae4.zip |
Diffstat (limited to 'src/core/hle/service/ssl')
-rw-r--r-- | src/core/hle/service/ssl/ssl.cpp | 10 | ||||
-rw-r--r-- | src/core/hle/service/ssl/ssl_backend_openssl.cpp | 3 | ||||
-rw-r--r-- | src/core/hle/service/ssl/ssl_backend_schannel.cpp | 25 |
3 files changed, 14 insertions, 24 deletions
diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp index 2cba9e5c9..6c8427b0d 100644 --- a/src/core/hle/service/ssl/ssl.cpp +++ b/src/core/hle/service/ssl/ssl.cpp @@ -139,7 +139,6 @@ private: bool do_not_close_socket = false; bool get_server_cert_chain = false; std::shared_ptr<Network::SocketBase> socket; - bool did_set_host_name = false; bool did_handshake = false; Result SetSocketDescriptorImpl(s32* out_fd, s32 fd) { @@ -174,11 +173,7 @@ private: Result SetHostNameImpl(const std::string& hostname) { LOG_DEBUG(Service_SSL, "called. hostname={}", hostname); ASSERT(!did_handshake); - Result res = backend->SetHostName(hostname); - if (res == ResultSuccess) { - did_set_host_name = true; - } - return res; + return backend->SetHostName(hostname); } Result SetVerifyOptionImpl(u32 option) { @@ -208,9 +203,6 @@ private: Result DoHandshakeImpl() { ASSERT_OR_EXECUTE(!did_handshake && socket, { return ResultNoSocket; }); - ASSERT_OR_EXECUTE_MSG( - did_set_host_name, { return ResultInternalError; }, - "Expected SetHostName before DoHandshake"); Result res = backend->DoHandshake(); did_handshake = res.IsSuccess(); return res; diff --git a/src/core/hle/service/ssl/ssl_backend_openssl.cpp b/src/core/hle/service/ssl/ssl_backend_openssl.cpp index b2dd37cd4..5714e6f3c 100644 --- a/src/core/hle/service/ssl/ssl_backend_openssl.cpp +++ b/src/core/hle/service/ssl/ssl_backend_openssl.cpp @@ -167,9 +167,8 @@ public: } ~SSLConnectionBackendOpenSSL() { - // these are null-tolerant: + // this is null-tolerant: SSL_free(ssl); - BIO_free(bio); } static void KeyLogCallback(const SSL* ssl, const char* line) { diff --git a/src/core/hle/service/ssl/ssl_backend_schannel.cpp b/src/core/hle/service/ssl/ssl_backend_schannel.cpp index bda12b761..d834a0c1f 100644 --- a/src/core/hle/service/ssl/ssl_backend_schannel.cpp +++ b/src/core/hle/service/ssl/ssl_backend_schannel.cpp @@ -31,9 +31,9 @@ CredHandle cred_handle; static void OneTimeInit() { schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; schannel_cred.dwFlags = - SCH_USE_STRONG_CRYPTO | // don't allow insecure protocols - SCH_CRED_AUTO_CRED_VALIDATION | // validate certs - SCH_CRED_NO_DEFAULT_CREDS; // don't automatically present a client certificate + SCH_USE_STRONG_CRYPTO | // don't allow insecure protocols + SCH_CRED_NO_SERVERNAME_CHECK | // don't validate server names + SCH_CRED_NO_DEFAULT_CREDS; // don't automatically present a client certificate // ^ I'm assuming that nobody would want to connect Yuzu to a // service that requires some OS-provided corporate client // certificate, and presenting one to some arbitrary server @@ -227,16 +227,15 @@ public: ciphertext_read_buf.size()); } - const SECURITY_STATUS ret = - InitializeSecurityContextA(&cred_handle, initial_call_done ? &ctxt : nullptr, - // Caller ensured we have set a hostname: - const_cast<char*>(hostname.value().c_str()), req, - 0, // Reserved1 - 0, // TargetDataRep not used with Schannel - initial_call_done ? &input_desc : nullptr, - 0, // Reserved2 - initial_call_done ? nullptr : &ctxt, &output_desc, &attr, - nullptr); // ptsExpiry + char* hostname_ptr = hostname ? const_cast<char*>(hostname->c_str()) : nullptr; + const SECURITY_STATUS ret = InitializeSecurityContextA( + &cred_handle, initial_call_done ? &ctxt : nullptr, hostname_ptr, req, + 0, // Reserved1 + 0, // TargetDataRep not used with Schannel + initial_call_done ? &input_desc : nullptr, + 0, // Reserved2 + initial_call_done ? nullptr : &ctxt, &output_desc, &attr, + nullptr); // ptsExpiry if (output_buffers[0].pvBuffer) { const std::span span(static_cast<u8*>(output_buffers[0].pvBuffer), |