1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 22:15:13 -05:00
Commit Graph

469 Commits

Author SHA1 Message Date
Marcel Raad
125827e60e schannel: fix compile break with MSVC XP toolset
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
7.1 is used. In this case, _USING_V110_SDK71_ is defined.

Closes #812
2016-05-18 12:52:41 +02:00
Daniel Stenberg
6efd2fa529 mbedtls/polarssl: set "hostname" unconditionally
...as otherwise the TLS libs will skip the CN/SAN check and just allow
connection to any server. curl previously skipped this function when SNI
wasn't used or when connecting to an IP address specified host.

CVE-2016-3739

Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
2016-05-17 14:48:17 +02:00
Daniel Stenberg
675c30abc2 openssl: get_cert_chain: fix NULL dereference
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
2016-05-17 09:34:33 +02:00
Daniel Stenberg
8132fe11b3 openssl: get_cert_chain: avoid NULL dereference
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
2016-05-17 09:14:06 +02:00
Viktor Szakats
bf418d2df0 darwinssl.c: fix OS X codename typo in comment 2016-05-13 09:59:17 +02:00
Per Malmberg
3cf339901e darwinssl: fix certificate verification disable on OS X 10.8
The new way of disabling certificate verification doesn't work on
Mountain Lion (OS X 10.8) so we need to use the old way in that version
too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
and 10.11.

Closes #802
2016-05-12 21:37:38 +02:00
Kamil Dudka
ea06ad2e31 openssl: fix compile-time warning in Curl_ossl_check_cxn()
... introduced in curl-7_48_0-293-g2968c83:

Error: COMPILER_WARNING:
lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
may alter its value [-Wconversion]
2016-05-12 08:36:21 +02:00
Jay Satiro
2968c83967 openssl: stricter connection check function
- In the case of recv error, limit returning 'connection still in place'
to EINPROGRESS, EAGAIN and EWOULDBLOCK.

This is an improvement on the parent commit which changed the openssl
connection check to use recv MSG_PEEK instead of SSL_peek.

Ref: https://github.com/curl/curl/commit/856baf5#comments
2016-05-11 21:21:15 -04:00
Anders Bakken
856baf5a46 TLS: SSL_peek is not a const operation
Calling SSL_peek can cause bytes to be read from the raw socket which in
turn can upset the select machinery that determines whether there's data
available on the socket.

Since Curl_ossl_check_cxn only tries to determine whether the socket is
alive and doesn't actually need to see the bytes SSL_peek seems like
the wrong function to call.

We're able to occasionally reproduce a connect timeout due to this
bug. What happens is that Curl doesn't know to call SSL_connect again
after the peek happens since data is buffered in the SSL buffer and thus
select won't fire for this socket.

Closes #795
2016-05-11 00:06:40 +02:00
Daniel Stenberg
f6767f5435 TLS: move the ALPN/NPN enable bits to the connection
Only protocols that actually have a protocol registered for ALPN and NPN
should try to get that negotiated in the TLS handshake. That is only
HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
would wrongly be used in all handshakes if libcurl was built with it
enabled.

Reported-by: Jay Satiro

Fixes #789
2016-05-09 15:30:25 -04:00
Daniel Stenberg
283babfaf8 tls: make setting pinnedkey option fail if not supported
to make it obvious to users trying to use the feature with TLS backends
not supporting it.

Discussed in #781
Reported-by: Travis Burtrum
2016-05-01 17:05:38 +02:00
Jay Satiro
9f498de9a2 mbedtls: Fix session resume
This also fixes PolarSSL session resume.

Prior to this change the TLS session information wasn't properly
saved and restored for PolarSSL and mbedTLS.

Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
Reported-by: Thomas Glanzmann

Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
Reported-by: Moti Avrahami
2016-04-28 02:57:38 -04:00
Daniel Stenberg
ab691309ce openssl: avoid BN_print a NULL bignum
OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
numbers so make sure the function handles this.

Reported-by: Linus Nordberg
2016-04-26 23:55:31 +02:00
Daniel Stenberg
05492fe790 mbedtls.c: silly spellfix of a comment 2016-04-26 00:28:40 +02:00
33623d7196 PolarSSL: Implement public key pinning 2016-04-24 12:27:39 +02:00
Daniel Stenberg
cfe16c22d7 openssl: builds with OpenSSL 1.1.0-pre5
The RSA, DSA and DH structs are now opaque and require use of new APIs

Fixes #763
2016-04-21 10:52:24 +02:00
Daniel Stenberg
cefe9f4f90 vtls.h: remove a space before semicolon
... that the new checksrc detected
2016-04-19 08:53:31 +02:00
Daniel Stenberg
b2d246cf6c darwinssl: removed commented out code 2016-04-19 08:53:31 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Damien Vielpeau
83b39a4f4d mbedtls: fix MBEDTLS_DEBUG builds 2016-04-07 16:12:50 +02:00
Daniel Stenberg
c111178bd4 mbedtls: implement and provide *_data_pending()
... as otherwise we might get stuck thinking there's no more data to
handle.

Reported-by: Damien Vielpeau

Fixes #737
2016-04-07 16:10:10 +02:00
Daniel Stenberg
ef802c9b85 mbedtls: follow-up for the previous commit 2016-04-07 15:32:18 +02:00
Daniel Stenberg
464bbfd6f5 mbedtls.c: name space pollution fix, Use 'Curl_' 2016-04-07 15:19:35 +02:00
Daniel Stenberg
5446549719 mbedtls.c: changed private prefix to mbed_
mbedtls_ is the prefix used by the mbedTLS library itself so we should
avoid using that for our private functions.
2016-04-07 15:16:01 +02:00
Daniel Stenberg
fdae85f68b mbedtls.h: fix compiler warnings 2016-04-07 15:11:05 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Marcel Raad
4dae049157 openssl: Fix compilation warnings
When compiling with OpenSSL 1.1.0 (so that the HAVE_X509_GET0_SIGNATURE
&& HAVE_X509_GET0_EXTENSIONS pre-processor block is active), Visual C++
14 complains:

warning C4701: potentially uninitialized local variable 'palg' used
warning C4701: potentially uninitialized local variable 'psig' used
2016-03-30 23:55:00 +01:00
Jay Satiro
7921628714 wolfssl: Use ECC supported curves extension
https://github.com/wolfSSL/wolfssl/issues/366
2016-03-29 19:06:55 -04:00
Jay Satiro
a43b22e05b wolfssl: Add ALPN support 2016-03-28 18:18:09 -04:00
Steve Holme
107cb78487 schannel: Fixed compilation warning from commit f8d88a4913
warning C4244: '=': conversion from 'int' to 'unsigned short', possible
                    loss of data
2016-03-26 11:14:07 +00:00
JDepooter
f8d88a4913 schannel: Add ALPN support
Add ALPN support for schannel. This allows cURL to negotiate
HTTP/2.0 connections when built with schannel.

Closes #724
2016-03-24 09:56:12 +01:00
Daniel Stenberg
23ab481644 openssl: boringssl provides the same numbering as openssl
... so we don't need extra boringssl precautions for for
HAVE_ERR_REMOVE_THREAD_STATE_NOARG.

Pointed-out-by: David Benjamin
2016-03-23 14:59:41 +01:00
Daniel Stenberg
240cd84b49 openssl: fix ERR_remove_thread_state() for boringssl/libressl
The removed arg is only done in OpenSSL

Bug: https://twitter.com/xtraemeat/status/712564874098917376
2016-03-23 10:05:29 +01:00
Steve Holme
89f397d7eb openssl: Fixed compilation warning when /Wall enabled
warning C4706: assignment within conditional expression
2016-03-20 17:35:31 +00:00
Daniel Stenberg
80851028ef mbedtls: fix compiler warning
vtls/mbedtls.h:67:36: warning: implicit declaration of function
‘mbedtls_sha256’ [-Wimplicit-function-declaration]
2016-03-19 22:37:21 +01:00
Gisle Vanem
d816e8cf52 openssl: adapt to API breakage in ERR_remove_thread_state()
The OpenSSL API change that broke this is "Convert ERR_STATE to new
multi-threading API": openssl commit 8509dcc.

Closes #713
2016-03-17 10:42:33 +01:00
Daniel Stenberg
5f5b626357 openssl: verbose: show matching SAN pattern
... to allow users to see which specfic wildcard that matched when such
is used.

Also minor logic cleanup to simplify the code, and I removed all tabs
from verbose strings.
2016-03-17 00:49:02 +01:00
Gisle Vanem
a7ec58a89f openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages 2016-03-08 14:19:01 +01:00
Jay Satiro
81bdd85318 mbedtls: fix user-specified SSL protocol version
Prior to this change when a single protocol CURL_SSLVERSION_ was
specified by the user that version was set only as the minimum version
but not as the maximum version as well.
2016-03-05 21:39:36 -05:00
Viktor Szakats
71398487e7 openssl: use macro to guard the opaque EVP_PKEY branch 2016-02-16 00:29:36 +01:00
Viktor Szakats
ae01698ea4 openssl: avoid direct PKEY access with OpenSSL 1.1.0
by using API instead of accessing an internal structure.
This is required starting OpenSSL 1.1.0-pre3.

Closes #650
2016-02-16 00:29:24 +01:00
Shine Fan
078753c40d gtls: fix for builds lacking encrypted key file support
Bug: https://github.com/curl/curl/pull/651
2016-02-13 22:21:32 -05:00
Kamil Dudka
64fa3b8d64 nss: search slash in forward direction in dup_nickname()
It is wasteful to search it backwards if we look for _any_ slash.
2016-02-10 18:58:49 +01:00
Kamil Dudka
6390e65664 nss: do not count enabled cipher-suites
We only care if at least one cipher-suite is enabled, so it does
not make any sense to iterate till the end and count all enabled
cipher-suites.
2016-02-10 18:58:48 +01:00
Daniel Stenberg
c276aefee3 mbedtls.c: re-indent to better match curl standards 2016-02-10 10:46:57 +01:00
Rafael Antonio
c62d7944cf mbedtls: fix memory leak when destroying SSL connection data
Closes #626
2016-02-09 23:42:57 +01:00
Daniel Stenberg
716302c2cd mbedtls: fix ALPN usage segfault
Since we didn't keep the input argument around after having called
mbedtls, it could end up accessing the wrong memory when figuring out
the ALPN protocols.

Closes #642
2016-02-09 23:37:14 +01:00
David Benjamin
39c803cba2 openssl: remove most BoringSSL #ifdefs.
As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
BoringSSL #ifdefs in cURL should be unnecessary:

- BoringSSL provides no-op stubs for compatibility which replaces most
  #ifdefs.

- DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
  the compatibility codepath.

- With a small tweak to an extend_key_56_to_64 call, the NTLM code
  builds fine.

- Switch OCSP-related #ifdefs to the more generally useful
  OPENSSL_NO_OCSP.

The only #ifdefs which remain are Curl_ossl_version and the #undefs to
work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
that to the consumer. The in-header workaround makes things sensitive to
include order.)

This change errs on the side of removing conditionals despite many of
the restored codepaths being no-ops. (BoringSSL generally adds no-op
compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
bad enough!)

Closes #640
2016-02-09 08:46:36 +01:00
Ludwig Nussel
7b55279d1d configure: --with-ca-fallback: use built-in TLS CA fallback
When trying to verify a peer without having any root CA certificates
set, this makes libcurl use the TLS library's built in default as
fallback.

Closes #569
2016-02-08 14:45:58 +01:00
Jay Satiro
d6a8869ea3 openssl: Fix signed/unsigned mismatch warning in X509V3_ext
sk_X509_EXTENSION_num may return an unsigned integer, however the value
will fit in an int.

Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
Reported-by: Gisle Vanem
2016-02-06 19:10:49 -05:00
Viktor Szakats
d49881cb19 URLs: change more http to https 2016-02-04 18:46:54 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Jay Satiro
d58ba66eec mbedtls: Fix pinned key return value on fail
- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-18 03:48:10 -05:00
Daniel Stenberg
35083ca60e openssl: improved error detection/reporting
... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
1.1.0+ returned a new func number of another cerfificate fail so this
required a fix and this is the better way to catch this error anyway.
2016-01-14 21:25:30 +01:00
Daniel Stenberg
fdcc4d6daa openssl: for 1.1.0+ they now provide a SSLeay() macro of their own 2016-01-14 16:38:14 +01:00
Thomas Glanzmann
bf93a1217c mbedtls: implement CURLOPT_PINNEDPUBLICKEY 2016-01-10 00:17:26 +01:00
Jay Satiro
89a1eb7b1c mbedtls: Fix ALPN support
- Fix ALPN reply detection.

- Wrap nghttp2 code in ifdef USE_NGHTTP2.


Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
2016-01-07 01:49:31 -05:00
Daniel Stenberg
151da51404 cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
2015-12-16 10:27:18 +01:00
Daniel Stenberg
1ff3a07be9 wolfssl: handle builds without SSLv3 support 2015-12-16 10:06:09 +01:00
Daniel Stenberg
afcab2c2b6 cyassl: fix compiler warning on type conversion 2015-12-15 00:36:08 +01:00
Daniel Stenberg
727f775e59 libressl: the latest openssl x509 funcs are not in libressl 2015-12-14 09:49:54 +01:00
Daniel Stenberg
4bcc532de5 http: add libcurl option to allow HTTP/2 for HTTPS only
... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.
2015-12-13 09:24:51 +01:00
Daniel Stenberg
7f683b0ea8 openssl: adapt to openssl >= 1.1.0 X509 opaque structs
Closes #491
2015-12-10 22:45:38 +01:00
Daniel Stenberg
dd1b44c612 openssl: avoid BIO_reset() warnings since it returns a value 2015-12-10 17:31:37 +01:00
Daniel Stenberg
fa9332d3ca openssl: adapt to 1.1.0+ name changes 2015-12-10 17:31:37 +01:00
Gisle Vanem
df40b20e44 openssl: BoringSSL doesn't have CONF_modules_free 2015-12-07 18:47:26 -05:00
Daniel Stenberg
c341311a0e Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe3.

Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-24 09:36:45 +01:00
Steve Holme
c2f1730e17 schannel: Corrected copy/paste error in commit 8d17117683 2015-11-21 02:54:44 +00:00
Steve Holme
8d17117683 schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
2015-11-21 02:43:17 +00:00
Sebastian Pohlschmidt
ad2d517545 openssl: Free modules on cleanup
Curl_ossl_init calls OPENSSL_load_builtin_modules() but
Curl_ossl_cleanup doesn't make a call to free these modules.

Bug: https://github.com/bagder/curl/issues/526
2015-11-13 16:11:41 -05:00
Daniel Stenberg
64e959ffe3 cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
2015-11-13 16:15:26 +01:00
Daniel Stenberg
6c20a87105 openssl: remove #if check for 0.9.7 for ENGINE_load_private_key 2015-11-13 15:55:52 +01:00
Daniel Stenberg
b430d94fb2 openssl: all supported versions have X509_STORE_set_flags
Simplify by removing #ifdefs and macros
2015-11-13 15:52:39 +01:00
Daniel Stenberg
0755308a6a openssl: remove 0.9.3 check 2015-11-13 15:51:46 +01:00
Daniel Stenberg
53b13d0c71 openssl: remove #ifdefs for < 0.9.5 support
We only support >= 0.9.7
2015-11-13 15:49:49 +01:00
Daniel Stenberg
431ba85829 lib/vtls/openssl: remove unused traces of yassl ifdefs 2015-11-13 15:48:04 +01:00
Douglas Creager
3e0d64d075 BoringSSL: Work with stricter BIO_get_mem_data()
BoringSSL implements `BIO_get_mem_data` as a function, instead of a
macro, and expects the output pointer to be a `char **`.  We have to add
an explicit cast to grab the pointer as a `const char **`.

Closes #524
2015-11-10 22:34:07 +01:00
Daniel Stenberg
fbf09b7775 mbedtls: fix "Structurally dead code"
CID 1332129
2015-10-29 22:59:27 +01:00
Daniel Stenberg
f6ce8c9abb mbedtls: fix "Logically dead code"
CID 1332128
2015-10-29 22:57:09 +01:00
Daniel Stenberg
4c62066cec Revert "openssl: engine: remove double-free"
This reverts commit 370ee919b3.

Issue #509 has all the details but it was confirmed that the crash was
not due to this, so the previous commit was wrong.
2015-10-29 14:59:11 +01:00
Daniel Stenberg
370ee919b3 openssl: engine: remove double-free
After a successful call to SSL_CTX_use_PrivateKey(), we must not call
EVP_PKEY_free() on the key.

Reported-by: nased0
Closes #509
2015-10-27 13:45:25 +01:00
Daniel Stenberg
03b6e07816 polarssl/mbedtls: fix name space pollution
Global private symbols MUST start with Curl_!
2015-10-23 16:14:29 +02:00
Dmitry S. Baikov
6288cb9304 mbedTLS: THREADING_SUPPORT compilation fix
Closes #505
2015-10-23 16:05:25 +02:00
m-gardet
ace68fdc0c mbedtls:new profile with RSA min key len = 1024.
Closes #502
2015-10-22 15:28:57 +02:00
Daniel Stenberg
257a1c0d14 vtls: fix compiler warning for TLS backends without sha256
... noticed with mbedTLS.
2015-10-20 08:12:44 +02:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Erik Johansson
3ad83bc3a6 openssl: Fix set up of pkcs12 certificate verification chain
sk_X509_pop will decrease the size of the stack which means that the loop would
end after having added only half of the certificates.

Also make sure that the X509 certificate is freed in case
SSL_CTX_add_extra_chain_cert fails.
2015-10-11 23:14:04 +02:00
Michael Kalinin
69b89050d4 openssl: Fix algorithm init
- Change algorithm init to happen after OpenSSL config load.

Additional algorithms may be available due to the user's config so we
initialize the algorithms after the user's config is loaded.

Bug: https://github.com/bagder/curl/issues/447
Reported-by: Denis Feklushkin
2015-09-28 22:47:25 -04:00
Mike Crowe
5f87906e0e gnutls: Report actual GnuTLS error message for certificate errors
If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-23 13:44:40 +02:00
Mike Crowe
6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Jay Satiro
47b7d658b4 vtls: Change designator name for server's pubkey hash
- Change the designator name we use to show the base64 encoded sha256
hash of the server's public key from 'pinnedpubkey' to
'public key hash'.

Though the server's public key hash is only shown when comparing pinned
public key hashes, the server's hash may not match one of the pinned.
2015-09-19 22:40:40 -04:00
Daniel Hwang
30c131f51f ssl: add server cert's "sha256//" hash to verbose
Add a "pinnedpubkey" section to the "Server Certificate" verbose

Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki

Closes #430
Closes #410
2015-09-19 23:17:39 +02:00
Alessandro Ghedini
c184a5c6bc openssl: don't output certinfo data 2015-09-19 22:53:31 +02:00
Alessandro Ghedini
c00cec9864 openssl: refactor certificate parsing to use OpenSSL memory BIO
Fixes #427
2015-09-19 22:53:31 +02:00
Kamil Dudka
958d2ffb19 nss: prevent NSS from incorrectly re-using a session
Without this workaround, NSS re-uses a session cache entry despite the
server name does not match.  This causes SNI host name to differ from
the actual host name.  Consequently, certain servers (e.g. github.com)
respond by 400 to such requests.

Bug: https://bugzilla.mozilla.org/1202264
2015-09-18 17:38:51 +02:00
Kamil Dudka
a9fd53887b nss: check return values of NSS functions 2015-09-18 17:07:22 +02:00
Daniel Stenberg
82e3e8e31f openssl: build with < 0.9.8
... without sha256 support and no define saying so.

Reported-by: Rajkumar Mandal
2015-09-17 08:54:04 +02:00
Kamil Dudka
7380433d6a nss: do not directly access SSL_ImplementedCiphers[]
It causes dynamic linking issues at run-time after an update of NSS.

Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
2015-09-04 14:35:36 +02:00
Alessandro Ghedini
8363656cb4 openssl: handle lack of server cert when strict checking disabled
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.

Closes #392
2015-08-21 15:32:51 +02:00
Steve Holme
a1b2a6bd93 schannel: Fix compilation warning from commit 7a8e861a56
schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion'
                   of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
2015-08-01 22:54:57 +01:00