Ejemplo n.º 1
0
            public void do_handshake()
            {
                try {
                    // make sure the remote side hasn't shutdown before authenticating so we don't
                    // hang if we're in blocking mode.
#pragma warning disable 219 // unused variable
                    int available = _socket._socket.Available;
#pragma warning restore 219
                } catch (SocketException) {
                    throw PythonExceptions.CreateThrowable(PythonExceptions.OSError, "socket closed before handshake");
                }

                EnsureSslStream(true);

                var enabledSslProtocols = GetProtocolType(_protocol);

                try {
                    if (_serverSide)
                    {
                        _sslStream.AuthenticateAsServer(_cert, _certsMode == PythonSsl.CERT_REQUIRED, enabledSslProtocols, false);
                    }
                    else
                    {
                        var collection = new X509CertificateCollection();

                        if (_cert != null)
                        {
                            collection.Add(_cert);
                        }
                        _sslStream.AuthenticateAsClient(_serverHostName ?? _socket._hostName, collection, enabledSslProtocols, false);
                    }
                } catch (AuthenticationException e) {
                    ((IDisposable)_socket._socket).Dispose();
                    throw PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while performing handshake: ", e.ToString());
                }

                if (_validationFailure != null)
                {
                    throw _validationFailure;
                }
            }
Ejemplo n.º 2
0
 private void ValidationError(object reason)
 {
     _validationFailure = PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while validating certificate chain: ", reason.ToString());
 }
Ejemplo n.º 3
0
            internal _SSLSocket(CodeContext context,
                                PythonSocket.socket sock,
                                bool server_side,
                                string keyfile     = null,
                                string certfile    = null,
                                int certs_mode     = PythonSsl.CERT_NONE,
                                int protocol       = (PythonSsl.PROTOCOL_SSLv23 | PythonSsl.OP_NO_SSLv2 | PythonSsl.OP_NO_SSLv3),
                                string cacertsfile = null,
                                X509Certificate2Collection certs = null)
            {
                if (sock == null)
                {
                    throw PythonOps.TypeError("expected socket object, got None");
                }

                _serverSide = server_side;
                bool validate;

                _certsMode = certs_mode;

                RemoteCertificateValidationCallback callback;

                switch (certs_mode)
                {
                case PythonSsl.CERT_NONE:
                    validate = false;
                    callback = CertValidationCallback;
                    break;

                case PythonSsl.CERT_OPTIONAL:
                    validate = true;
                    callback = CertValidationCallbackOptional;
                    break;

                case PythonSsl.CERT_REQUIRED:
                    validate = true;
                    callback = CertValidationCallbackRequired;
                    break;

                default:
                    throw new InvalidOperationException(String.Format("bad certs_mode: {0}", certs_mode));
                }

                _callback = callback;

                if (certs != null)
                {
                    _certCollection = certs;
                }

                if (certfile != null)
                {
                    _cert = PythonSsl.ReadCertificate(context, certfile);
                }

                if (cacertsfile != null)
                {
                    _certCollection = new X509Certificate2Collection(new[] { PythonSsl.ReadCertificate(context, cacertsfile) });
                }

                _socket = sock;

                EnsureSslStream(false);

                _protocol = protocol;
                _validate = validate;
                _context  = context;
            }