/// <exception cref="System.IO.IOException"></exception>
public void Verify(string host, SSLSocket ssl)
{
if (host == null)
{
throw new ArgumentNullException("host to verify is null");
}
SSLSession session = ssl.GetSession();
if (session == null)
{
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
InputStream @in = ssl.GetInputStream();
@in.Available();
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.GetSession();
if (session == null)
{
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.StartHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.GetSession();
}
}
Certificate[] certs = session.GetPeerCertificates();
X509Certificate x509 = (X509Certificate)certs[0];
Verify(host, x509);
}
public void Connect(int sendTimeout = -1, int receiveTimeout = -1)
{
SSLSocket sslSocket = null;
var f = SSLSocketFactory.Default as SSLSocketFactory;
sslSocket = f.CreateSocket(_remoteHostName, _remotePort) as SSLSocket;
_socket = sslSocket;
_socket.SoTimeout = receiveTimeout == -1 ? 0 : receiveTimeout;
sslSocket.StartHandshake();
_socket.SoTimeout = 0;
}
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket CreateLayeredSocket(System.Net.Sockets.Socket
socket, string target, int port, HttpContext context)
{
SSLSocket sslsock = (SSLSocket)this.socketfactory.CreateSocket(socket, target, port
, true);
if (supportedProtocols != null)
{
sslsock.SetEnabledProtocols(supportedProtocols);
}
if (supportedCipherSuites != null)
{
sslsock.SetEnabledCipherSuites(supportedCipherSuites);
}
PrepareSocket(sslsock);
sslsock.StartHandshake();
VerifyHostname(sslsock, target);
return(sslsock);
}
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket ConnectSocket(int connectTimeout, System.Net.Sockets.Socket
socket, HttpHost host, IPEndPoint remoteAddress, IPEndPoint localAddress, HttpContext
context)
{
Args.NotNull(host, "HTTP host");
Args.NotNull(remoteAddress, "Remote address");
System.Net.Sockets.Socket sock = socket != null ? socket : CreateSocket(context);
if (localAddress != null)
{
sock.Bind2(localAddress);
}
try
{
sock.Connect(remoteAddress, connectTimeout);
}
catch (IOException ex)
{
try
{
sock.Close();
}
catch (IOException)
{
}
throw;
}
// Setup SSL layering if necessary
if (sock is SSLSocket)
{
SSLSocket sslsock = (SSLSocket)sock;
sslsock.StartHandshake();
VerifyHostname(sslsock, host.GetHostName());
return(sock);
}
else
{
return(CreateLayeredSocket(sock, host.GetHostName(), remoteAddress.Port, context));
}
}
/// <exception cref="System.IO.IOException"/>
public override void Check(string[] host, SSLSocket ssl)
{
if (host == null)
{
throw new ArgumentNullException("host to verify is null");
}
SSLSession session = ssl.GetSession();
if (session == null)
{
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
InputStream @in = ssl.GetInputStream();
@in.Available();
/*
* If you're looking at the 2 lines of code above because
* you're running into a problem, you probably have two
* options:
*
#1. Clean up the certificate chain that your server
* is presenting (e.g. edit "/etc/apache2/server.crt"
* or wherever it is your server's certificate chain
* is defined).
*
* OR
*
#2. Upgrade to an IBM 1.5.x or greater JVM, or switch
* to a non-IBM JVM.
*/
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.GetSession();
if (session == null)
{
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.StartHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.GetSession();
}
}
Certificate[] certs;
try
{
certs = session.GetPeerCertificates();
}
catch (SSLPeerUnverifiedException spue)
{
InputStream @in = ssl.GetInputStream();
@in.Available();
// Didn't trigger anything interesting? Okay, just throw
// original.
throw;
}
X509Certificate x509 = (X509Certificate)certs[0];
Check(host, x509);
}
