THRIFT-4881 Allow TLS1.1 and TLS1.2 even when not configured as systemwide default
Client: Delphi
Patch: Jens Geyer
diff --git a/lib/delphi/src/Thrift.Transport.WinHTTP.pas b/lib/delphi/src/Thrift.Transport.WinHTTP.pas
index aac2aea..8b4a7bc 100644
--- a/lib/delphi/src/Thrift.Transport.WinHTTP.pas
+++ b/lib/delphi/src/Thrift.Transport.WinHTTP.pas
@@ -46,8 +46,10 @@
FSendTimeout : Integer;
FReadTimeout : Integer;
FCustomHeaders : IThriftDictionary<string,string>;
+ FSecureProtocols : TSecureProtocols;
function CreateRequest: IWinHTTPRequest;
+ function SecureProtocolsAsWinHTTPFlags : Cardinal;
private type
THTTPResponseStream = class( TThriftStreamImpl)
@@ -82,9 +84,12 @@
function GetSendTimeout: Integer;
procedure SetReadTimeout(const Value: Integer);
function GetReadTimeout: Integer;
+ function GetSecureProtocols : TSecureProtocols;
+ procedure SetSecureProtocols( const value : TSecureProtocols);
function GetCustomHeaders: IThriftDictionary<string,string>;
procedure SendRequest;
+
property DnsResolveTimeout: Integer read GetDnsResolveTimeout write SetDnsResolveTimeout;
property ConnectionTimeout: Integer read GetConnectionTimeout write SetConnectionTimeout;
property SendTimeout: Integer read GetSendTimeout write SetSendTimeout;
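Review bot: `GetSecureProtocols`/`SetSecureProtocols` are declared here, but the property list that follows gets no matching entry in the visible lines, unlike the timeout accessors. Unless the setting is meant to be reachable only through the interface (declared outside this diff), adding `property SecureProtocols : TSecureProtocols read GetSecureProtocols write SetSecureProtocols;` next to the others would keep the class consistent. The class declaration continues outside this hunk.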
@@ -111,6 +116,8 @@
FSendTimeout := 30 * 1000;
FReadTimeout := 30 * 1000;
+ FSecureProtocols := DEFAULT_THRIFT_SECUREPROTOCOLS;
+
FCustomHeaders := TThriftDictionaryImpl<string,string>.Create;
FOutputMemoryStream := TMemoryStream.Create;
end;
@@ -133,6 +140,8 @@
url := TWinHTTPUrlImpl.Create( FUri);
session := TWinHTTPSessionImpl.Create('Apache Thrift Delphi Client');
+ session.EnableSecureProtocols( SecureProtocolsAsWinHTTPFlags);
+
connect := session.Connect( url.HostName, url.Port);
sPath := url.UrlPath + url.ExtraInfo;
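Review bot: The mask handed to `session.EnableSecureProtocols` is not validated, and the outcome of the call is not checked. If the configured set is empty, `SecureProtocolsAsWinHTTPFlags` returns 0. If `EnableSecureProtocols` reports failure through a return value (its declaration is outside this diff), that result is discarded, so the request could proceed with the system default protocols instead of the ones the caller selected. Consider failing closed by raising the transport exception the unit already uses when the mask is 0 or the call reports failure. `CreateRequest` starts and ends outside this hunk.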
@@ -148,6 +157,29 @@
end;
end;
+
+function TWinHTTPClientImpl.SecureProtocolsAsWinHTTPFlags : Cardinal;
+const
+ PROTOCOL_MAPPING : array[TSecureProtocol] of Cardinal = (
+ WINHTTP_FLAG_SECURE_PROTOCOL_SSL2,
+ WINHTTP_FLAG_SECURE_PROTOCOL_SSL3,
+ WINHTTP_FLAG_SECURE_PROTOCOL_TLS1,
+ WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1,
+ WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
+ );
+var
+ prot : TSecureProtocol;
+ protos : TSecureProtocols;
+begin
+ result := 0;
+ protos := GetSecureProtocols;
+ for prot := Low(TSecureProtocol) to High(TSecureProtocol) do begin
+ if prot in protos
+ then result := result or PROTOCOL_MAPPING[prot];
+ end;
+end;
+
+
function TWinHTTPClientImpl.GetDnsResolveTimeout: Integer;
begin
Result := FDnsResolveTimeout;
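Review bot: `PROTOCOL_MAPPING` in `SecureProtocolsAsWinHTTPFlags` still maps the SSL2 and SSL3 flags, so a caller that includes those members re-enables protocols considered broken, and nothing marks them as legacy-only. A comment on the constant such as `// SSL2/SSL3 are kept for legacy interop only; never include them in the default set` would make that explicit. It is also worth confirming that `DEFAULT_THRIFT_SECUREPROTOCOLS`, defined outside this diff, holds only the TLS members the commit title names. The array is positional, so it would silently mis-map if `TSecureProtocol` were ever reordered; a one-line comment that the order must match the enum declaration would help.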
@@ -188,6 +220,16 @@
FReadTimeout := Value;
end;
+function TWinHTTPClientImpl.GetSecureProtocols : TSecureProtocols;
+begin
+ Result := FSecureProtocols;
+end;
+
+procedure TWinHTTPClientImpl.SetSecureProtocols( const value : TSecureProtocols);
+begin
+ FSecureProtocols := Value;
+end;
+
function TWinHTTPClientImpl.GetCustomHeaders: IThriftDictionary<string,string>;
begin
Result := FCustomHeaders;