Check context attributes of established schannel context

bartbes · bartbes · commit b26e82cb2390 · 2019-03-10T12:36:32.000+01:00
diff --git a/src/windows/SChannelConnection.cpp b/src/windows/SChannelConnection.cpp
@@ -236,7 +236,23 @@ bool SChannelConnection::connect(const std::string &hostname, uint16_t port)
 	} while (!done);
 
 	debug << "Done!\n";
-	// TODO: Check resulting context attributes
+
+	if (success)
+	{
+		SecPkgContext_Flags resultFlags;
+		QueryContextAttributes(context.get(), SECPKG_ATTR_FLAGS, &resultFlags);
+		if (resultFlags.Flags & ISC_REQ_CONFIDENTIALITY == 0)
+		{
+			debug << "Resulting context is not encrypted, marking as failed\n";
+			success = false;
+		}
+		if (resultFlags.Flags & ISC_REQ_INTEGRITY == 0)
+		{
+			debug << "Resulting context is not signed, marking as failed\n";
+			success = false;
+		}
+	}
+
 	if (success)
 		this->context = static_cast<void*>(context.release());
 	else if (contextCreated)
