public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer)
{
IntPtr memMethod = libcrypto.BIO_s_mem();
SafeBioHandle readBio = libcrypto.BIO_new(memMethod);
if (readBio.IsInvalid)
{
return new SafeSslHandle();
}
SafeBioHandle writeBio = libcrypto.BIO_new(memMethod);
if (writeBio.IsInvalid)
{
readBio.Dispose();
return new SafeSslHandle();
}
SafeSslHandle handle = SSL_new(context);
if (handle.IsInvalid)
{
readBio.Dispose();
writeBio.Dispose();
return handle;
}
handle._isServer = isServer;
// After SSL_set_bio, the BIO handles are owned by SSL pointer
// and are automatically freed by SSL_free. To prevent a double
// free, we need to keep the ref counts bumped up till SSL_free
bool gotRef = false;
readBio.DangerousAddRef(ref gotRef);
try
{
bool ignore = false;
writeBio.DangerousAddRef(ref ignore);
}
catch
{
if (gotRef)
{
readBio.DangerousRelease();
}
throw;
}
SSL_set_bio(handle, readBio, writeBio);
handle._readBio = readBio;
handle._writeBio = writeBio;
if (isServer)
{
SSL_set_accept_state(handle);
}
else
{
SSL_set_connect_state(handle);
}
return handle;
}
private static CURLcode SetSslCtxVerifyCallback(
IntPtr curl,
IntPtr sslCtx)
{
using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false))
{
Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, IntPtr.Zero);
}
return CURLcode.CURLE_OK;
}
private static int SetSslCtxVerifyCallback(
IntPtr curl,
IntPtr sslCtx,
IntPtr userPtr)
{
using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false))
{
Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, userPtr);
}
return Interop.libcurl.CURLcode.CURLE_OK;
}
private static CURLcode SetSslCtxVerifyCallback(
IntPtr curl,
IntPtr sslCtx,
IntPtr userPointer)
{
using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false))
{
Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, curl);
if (userPointer == IntPtr.Zero)
{
VerboseTrace("Not using client Certificate callback ");
}
else
{
ClientCertificateProvider provider = null;
try
{
GCHandle handle = GCHandle.FromIntPtr(userPointer);
provider = (ClientCertificateProvider)handle.Target;
}
catch (InvalidCastException)
{
Debug.Fail("ClientCertificateProvider wasn't the GCHandle's Target");
return CURLcode.CURLE_ABORTED_BY_CALLBACK;
}
catch (InvalidOperationException)
{
Debug.Fail("Invalid GCHandle in CurlSslCallback");
return CURLcode.CURLE_ABORTED_BY_CALLBACK;
}
Debug.Assert(provider != null, "Expected non-null sslCallback in curlCallBack");
Interop.Ssl.SslCtxSetClientCertCallback(ctx, provider._callback);
}
}
return CURLcode.CURLE_OK;
}
internal static extern void SslCtxSetQuietShutdown(SafeSslContextHandle ctx);
internal static extern int SslCtxCheckPrivateKey(SafeSslContextHandle ctx);
internal static extern int SslCtxUsePrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);
internal static extern void SslCtxSetCertVerifyCallback(SafeSslContextHandle ctx, AppVerifyCallback cb, IntPtr arg);
public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer)
{
SafeBioHandle readBio = Interop.Crypto.CreateMemoryBio();
if (readBio.IsInvalid)
{
return(new SafeSslHandle());
}
SafeBioHandle writeBio = Interop.Crypto.CreateMemoryBio();
if (writeBio.IsInvalid)
{
readBio.Dispose();
return(new SafeSslHandle());
}
SafeSslHandle handle = Interop.Ssl.SslCreate(context);
if (handle.IsInvalid)
{
readBio.Dispose();
writeBio.Dispose();
return(handle);
}
handle._isServer = isServer;
// After SSL_set_bio, the BIO handles are owned by SSL pointer
// and are automatically freed by SSL_free. To prevent a double
// free, we need to keep the ref counts bumped up till SSL_free
bool gotRef = false;
readBio.DangerousAddRef(ref gotRef);
try
{
bool ignore = false;
writeBio.DangerousAddRef(ref ignore);
}
catch
{
if (gotRef)
{
readBio.DangerousRelease();
}
throw;
}
Interop.Ssl.SslSetBio(handle, readBio, writeBio);
handle._readBio = readBio;
handle._writeBio = writeBio;
if (isServer)
{
Interop.Ssl.SslSetAcceptState(handle);
}
else
{
Interop.Ssl.SslSetConnectState(handle);
}
return(handle);
}
internal static extern long SSL_CTX_ctrl(SafeSslContextHandle ctx, int cmd, long larg, IntPtr parg);
internal static extern void SslCtxSetClientCAList(SafeSslContextHandle ctx, SafeX509NameStackHandle x509NameStackPtr);
internal static extern int SSL_CTX_check_private_key(SafeSslContextHandle ctx);
internal static extern void SSL_CTX_set_quiet_shutdown(SafeSslContextHandle ctx, int mode);
internal static extern void SSL_CTX_set_verify(SafeSslContextHandle ctx, int mode, [MarshalAs(UnmanagedType.FunctionPtr)] verify_callback callback);
internal static extern void SSL_CTX_set_client_CA_list(SafeSslContextHandle ctx, SafeX509NameStackHandle x509NameStackPtr);
internal static extern int SSL_CTX_set_cipher_list(SafeSslContextHandle ctx, string policy);
internal static extern void SslCtxSetVerify(SafeSslContextHandle ctx, SslCtxSetVerifyCallback callback);
internal static extern SafeSslHandle SSL_new(SafeSslContextHandle ctx);
internal static extern void SetEncryptionPolicy(SafeSslContextHandle ctx, EncryptionPolicy policy);
public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer)
{
SafeBioHandle readBio = Interop.Crypto.CreateMemoryBio();
SafeBioHandle writeBio = Interop.Crypto.CreateMemoryBio();
SafeSslHandle handle = Interop.Ssl.SslCreate(context);
if (readBio.IsInvalid || writeBio.IsInvalid || handle.IsInvalid)
{
readBio.Dispose();
writeBio.Dispose();
handle.Dispose(); // will make IsInvalid==true if it's not already
return handle;
}
handle._isServer = isServer;
// SslSetBio will transfer ownership of the BIO handles to the SSL context
try
{
readBio.TransferOwnershipToParent(handle);
writeBio.TransferOwnershipToParent(handle);
handle._readBio = readBio;
handle._writeBio = writeBio;
Interop.Ssl.SslSetBio(handle, readBio, writeBio);
}
catch (Exception exc)
{
// The only way this should be able to happen without thread aborts is if we hit OOMs while
// manipulating the safe handles, in which case we may leak the bio handles.
Debug.Fail("Unexpected exception while transferring SafeBioHandle ownership to SafeSslHandle", exc.ToString());
throw;
}
if (isServer)
{
Interop.Ssl.SslSetAcceptState(handle);
}
else
{
Interop.Ssl.SslSetConnectState(handle);
}
return handle;
}
internal static extern void SetProtocolOptions(SafeSslContextHandle ctx, SslProtocols protocols);
private static void UpdateCAListFromRootStore(SafeSslContextHandle context)
{
using (SafeX509NameStackHandle nameStack = Crypto.NewX509NameStack())
{
//maintaining the HashSet of Certificate's issuer name to keep track of duplicates
HashSet<string> issuerNameHashSet = new HashSet<string>();
//Enumerate Certificates from LocalMachine and CurrentUser root store
AddX509Names(nameStack, StoreLocation.LocalMachine, issuerNameHashSet);
AddX509Names(nameStack, StoreLocation.CurrentUser, issuerNameHashSet);
Ssl.SslCtxSetClientCAList(context, nameStack);
// The handle ownership has been transferred into the CTX.
nameStack.SetHandleAsInvalid();
}
}
internal static extern int SSL_CTX_use_certificate(SafeSslContextHandle ctx, SafeX509Handle certPtr);
internal static extern void SslCtxSetClientCertCallback(SafeSslContextHandle ctx, ClientCertCallback callback);
internal static extern SafeSslHandle SslCreate(SafeSslContextHandle ctx);
internal static extern int SSL_CTX_use_PrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);
private static void SetSslCertificate(SafeSslContextHandle contextPtr, SafeX509Handle certPtr, SafeEvpPKeyHandle keyPtr)
{
Debug.Assert(certPtr != null && !certPtr.IsInvalid, "certPtr != null && !certPtr.IsInvalid");
Debug.Assert(keyPtr != null && !keyPtr.IsInvalid, "keyPtr != null && !keyPtr.IsInvalid");
int retVal = Ssl.SslCtxUseCertificate(contextPtr, certPtr);
if (1 != retVal)
{
throw CreateSslException(SR.net_ssl_use_cert_failed);
}
retVal = Ssl.SslCtxUsePrivateKey(contextPtr, keyPtr);
if (1 != retVal)
{
throw CreateSslException(SR.net_ssl_use_private_key_failed);
}
//check private key
retVal = Ssl.SslCtxCheckPrivateKey(contextPtr);
if (1 != retVal)
{
throw CreateSslException(SR.net_ssl_check_private_key_failed);
}
}
internal static extern int SslCtxUseCertificate(SafeSslContextHandle ctx, SafeX509Handle certPtr);
