From 9bdc00b1b5032b2a355ece147fdefc804d072d94 Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Tue, 27 Feb 2018 10:32:29 +0000
Subject: [PATCH] mingw: update TLS option flags

Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and
`WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw.

This updates both the `deps/winhttp` framework (for classic mingw) and
adds the defines for mingw64, which does not use that framework.
---
 deps/winhttp/winhttp.h   | 10 ++++++----
 src/transports/winhttp.c |  5 +++++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/deps/winhttp/winhttp.h b/deps/winhttp/winhttp.h
index dd1986a66..b7fef1c4b 100644
--- a/deps/winhttp/winhttp.h
+++ b/deps/winhttp/winhttp.h
@@ -437,10 +437,12 @@ typedef int INTERNET_SCHEME, *LPINTERNET_SCHEME;
 #define WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE        0x00000040
 #define WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR  0x80000000
 
-#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2  0x00000008
-#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3  0x00000020
-#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1  0x00000080
-#define WINHTTP_FLAG_SECURE_PROTOCOL_ALL   (WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 | WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1)
+#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2    0x00000008
+#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3    0x00000020
+#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1    0x00000080
+#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1  0x00000200
+#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2  0x00000800
+#define WINHTTP_FLAG_SECURE_PROTOCOL_ALL     (WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 | WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1)
 
 #define WINHTTP_AUTH_SCHEME_BASIC      0x00000001
 #define WINHTTP_AUTH_SCHEME_NTLM       0x00000002
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index fb504c912..4618aca6d 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -52,6 +52,11 @@ static const int no_check_cert_flags = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
 	SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
 	SECURITY_FLAG_IGNORE_UNKNOWN_CA;
 
+#if defined(__MINGW64_VERSION_MAJOR)
+# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 0x00000200
+# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
+#endif
+
 #if defined(__MINGW32__)
 static const CLSID CLSID_InternetSecurityManager_mingw =
 	{ 0x7B8A2D94, 0x0AC9, 0x11D1,