public SslStreamServer(
Stream stream,
bool ownStream,
X509Certificate serverCertificate,
bool clientCertificateRequired,
X509Chain caCerts,
SslProtocols enabledSslProtocols,
SslStrength sslStrength,
bool checkCertificateRevocation,
RemoteCertificateValidationHandler remote_callback)
: base(stream, ownStream)
{
this.checkCertificateRevocationStatus = checkCertificateRevocation;
this.remoteCertificateSelectionCallback = remote_callback;
// Initialize the SslContext object
InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);
// Initalize the Ssl object
ssl = new Ssl(sslContext);
// Initialze the read/write bio
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
// Set the read/write bio's into the the Ssl object
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into server mode
ssl.SetAcceptState();
}
protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
{
// Initialize the context with the specified SSL version
// Initialize the context
sslContext = new SslContext(SslMethod.SSLv23_client_method);
// Remove support for protocols not specified in the enabledSslProtocols
if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
{
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
}
if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
{
// no SSLv3 support
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
}
if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
(enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
{
sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
}
// Set the Local certificate selection callback
sslContext.SetClientCertCallback(internalCertificateSelectionCallback);
// Set the enabled cipher list
sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
// Set the callbacks for remote cert verification and local cert selection
if (remoteCertificateSelectionCallback != null)
{
sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
}
// Set the CA list into the store
if (caCertificates != null)
{
var store = new X509Store(caCertificates);
sslContext.SetCertificateStore(store);
}
// Set up the read/write bio's
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
ssl = new Ssl(sslContext);
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into Client mode
ssl.SetConnectState();
}
public override void Close()
{
//base.Close();
if (ssl != null)
{
ssl.Dispose();
ssl = null;
}
if (sslContext != null)
{
sslContext.Dispose();
sslContext = null;
}
}
public override void Close()
{
if (disposed)
{
return;
}
if (ssl != null)
{
ssl.Dispose();
ssl = null;
}
if (sslContext != null)
{
sslContext.Dispose();
sslContext = null;
}
base.Close();
this.Dispose();
}
public SslStreamServer(
Stream stream,
X509Certificate serverCertificate,
bool clientCertificateRequired,
X509Chain caCerts,
SslProtocols enabledSslProtocols,
SslStrength sslStrength,
bool checkCertificateRevocation,
RemoteCertificateValidationHandler remote_callback) : base(stream)
{
checkCertificateRevocationStatus = checkCertificateRevocation;
OnRemoteCertificate = remote_callback;
// Initialize the SslContext object
InitializeServerContext(
serverCertificate,
clientCertificateRequired,
caCerts,
enabledSslProtocols,
sslStrength,
checkCertificateRevocation);
// Initalize the Ssl object
ssl = new Ssl(sslContext);
sniCb = sniExt.ServerSniCb;
sniExt.AttachSniExtensionServer(ssl.Handle, sslContext.Handle, sniCb);
// Initialze the read/write bio
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
// Set the read/write bio's into the the Ssl object
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into server mode
ssl.SetAcceptState();
}
public SslAnonStreamServer(
Stream stream,
bool ownStream,
DH dh,
SslProtocols enabledSslProtocols,
SslStrength sslStrength)
: base(stream, ownStream)
{
// Initialize the SslContext object
InitializeServerContext(dh, enabledSslProtocols, sslStrength);
// Initalize the Ssl object
ssl = new Ssl(sslContext);
// Initialze the read/write bio
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
// Set the read/write bio's into the the Ssl object
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into server mode
ssl.SetAcceptState();
}
public SslAnonStreamServer(
Stream stream,
bool ownStream,
DH dh,
SslProtocols enabledSslProtocols,
SslStrength sslStrength)
: base(stream, ownStream)
{
// Initialize the SslContext object
InitializeServerContext(dh, enabledSslProtocols, sslStrength);
// Initalize the Ssl object
ssl = new Ssl(sslContext);
// Initialze the read/write bio
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
// Set the read/write bio's into the the Ssl object
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into server mode
ssl.SetAcceptState();
}
private int OnClientCertificate(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
{
x509_cert = null;
key = null;
var name_stack = ssl.CAList;
var strIssuers = new string[name_stack.Count];
var count = 0;
foreach (var name in name_stack)
{
strIssuers[count++] = name.OneLine;
}
if (OnLocalCertificate != null)
{
var cert = OnLocalCertificate(
this,
targetHost,
clientCertificates,
ssl.GetPeerCertificate(),
strIssuers
);
if (cert != null && cert.HasPrivateKey)
{
x509_cert = cert;
key = cert.PrivateKey;
// Addref the cert and private key
x509_cert.AddRef();
key.AddRef();
// return success
return(1);
}
}
return(0);
}
internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
{
X509Certificate cert = null;
CryptoKey key = null;
Ssl ssl = new Ssl(ssl_ptr, false);
cert_ptr = IntPtr.Zero;
key_ptr = IntPtr.Zero;
int nRet = OnClientCertCallback(ssl, out cert, out key);
if (nRet != 0)
{
if (cert != null)
{
cert_ptr = cert.Handle;
}
if (key != null)
{
key_ptr = key.Handle;
}
}
return(nRet);
}
protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
{
// Initialize the context with the specified ssl version
// Initialize the context
sslContext = new SslContext(SslMethod.SSLv23_client_method);
// Remove support for protocols not specified in the enabledSslProtocols
if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
{
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
}
if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
{
// no SSLv3 support
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
}
if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
(enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
{
sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
}
// Set the Local certificate selection callback
sslContext.SetClientCertCallback(this.internalCertificateSelectionCallback);
// Set the enabled cipher list
sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
// Set the callbacks for remote cert verification and local cert selection
if (remoteCertificateSelectionCallback != null)
{
sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
}
// Set the CA list into the store
if (caCertificates != null)
{
X509Store store = new X509Store(caCertificates);
sslContext.SetCertificateStore(store);
}
// Set up the read/write bio's
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
ssl = new Ssl(sslContext);
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into Client mode
ssl.SetConnectState();
}
protected void InitializeClientContext(
X509List certificates,
SslProtocols enabledSslProtocols,
SslStrength sslStrength,
bool checkCertificateRevocation)
{
// Initialize the context with specified TLS version
sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, new[] {
Protocols.Http2,
Protocols.Http1
});
var options = sslContext.Options;
// Remove support for protocols not specified in the enabledSslProtocols
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl2))
{
options |= SslOptions.SSL_OP_NO_SSLv2;
}
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl3))
{
options |= SslOptions.SSL_OP_NO_SSLv3;
}
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Tls))
{
options |= SslOptions.SSL_OP_NO_TLSv1;
}
sslContext.Options = options;
// Set the Local certificate selection callback
sslContext.SetClientCertCallback(OnClientCertificate);
// Set the enabled cipher list
sslContext.SetCipherList(SslCipher.MakeString(enabledSslProtocols, sslStrength));
// Set the callbacks for remote cert verification and local cert selection
if (OnRemoteCertificate != null)
{
sslContext.SetVerify(
VerifyMode.SSL_VERIFY_PEER |
VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
OnRemoteCertificate);
}
// Set the CA list into the store
if (caCertificates != null)
{
var store = new X509Store(caCertificates);
sslContext.SetCertificateStore(store);
}
// Set up the read/write bio's
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
ssl = new Ssl(sslContext);
sniCb = sniExt.ClientSniCb;
sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into Client mode
ssl.SetConnectState();
}
internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
{
X509Certificate cert = null;
CryptoKey key = null;
Ssl ssl = new Ssl(ssl_ptr, false);
cert_ptr = IntPtr.Zero;
key_ptr = IntPtr.Zero;
int nRet = OnClientCertCallback(ssl, out cert, out key);
if (nRet != 0)
{
if (cert != null)
{
cert_ptr = cert.Handle;
}
if (key != null)
{
key_ptr = key.Handle;
}
}
return nRet;
}
public int InternalClientCertificateSelectionCallback(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
{
int nRet = 0;
x509_cert = null;
key = null;
Core.Stack<X509Name> name_stack = ssl.CAList;
string[] strIssuers = new string[name_stack.Count];
int count = 0;
foreach (X509Name name in name_stack)
{
strIssuers[count++] = name.OneLine;
}
if (localCertificateSelectionCallback != null)
{
X509Certificate cert = localCertificateSelectionCallback(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), strIssuers);
if (cert != null && cert.HasPrivateKey)
{
x509_cert = cert;
key = cert.PrivateKey;
// Addref the cert and private key
x509_cert.AddRef();
key.AddRef();
// return success
nRet = 1;
}
}
return nRet;
}
public override void Close()
{
//base.Close();
if (ssl != null)
{
ssl.Dispose();
ssl = null;
}
if (sslContext != null)
{
sslContext.Dispose();
sslContext = null;
}
}
public override void Close()
{
if (disposed)
return;
if (ssl != null)
{
ssl.Dispose();
ssl = null;
}
if (sslContext != null)
{
sslContext.Dispose();
sslContext = null;
}
base.Close();
Dispose();
}
protected void InitializeClientContext(
X509List certificates,
SslProtocols enabledSslProtocols,
SslStrength sslStrength,
bool checkCertificateRevocation)
{
// Initialize the context with specified TLS version
sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, new[] {
Protocols.Http2,
Protocols.Http1
});
var options = sslContext.Options;
// Remove support for protocols not specified in the enabledSslProtocols
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl2))
{
options |= SslOptions.SSL_OP_NO_SSLv2;
}
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl3))
{
options |= SslOptions.SSL_OP_NO_SSLv3;
}
if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Tls))
{
options |= SslOptions.SSL_OP_NO_TLSv1;
}
sslContext.Options = options;
// Set the Local certificate selection callback
sslContext.SetClientCertCallback(OnClientCertificate);
// Set the enabled cipher list
sslContext.SetCipherList(SslCipher.MakeString(enabledSslProtocols, sslStrength));
// Set the callbacks for remote cert verification and local cert selection
if (OnRemoteCertificate != null)
{
sslContext.SetVerify(
VerifyMode.SSL_VERIFY_PEER |
VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
OnRemoteCertificate);
}
// Set the CA list into the store
if (caCertificates != null)
{
var store = new X509Store(caCertificates);
sslContext.SetCertificateStore(store);
}
// Set up the read/write bio's
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
ssl = new Ssl(sslContext);
sniCb = sniExt.ClientSniCb;
sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into Client mode
ssl.SetConnectState();
}
private int OnClientCertThunk(IntPtr ptrSsl, out IntPtr ptrCert, out IntPtr ptrKey)
{
ptrCert = IntPtr.Zero;
ptrKey = IntPtr.Zero;
var ssl = new Ssl(ptrSsl, false);
X509Certificate cert;
CryptoKey key;
var ret = OnClientCert(ssl, out cert, out key);
if (ret != 0)
{
if (cert != null)
ptrCert = cert.Handle;
if (key != null)
ptrKey = key.Handle;
}
return ret;
}
private int OnClientCertificate(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
{
x509_cert = null;
key = null;
var name_stack = ssl.CAList;
var strIssuers = new string[name_stack.Count];
var count = 0;
foreach (var name in name_stack)
{
strIssuers[count++] = name.OneLine;
}
if (OnLocalCertificate != null)
{
var cert = OnLocalCertificate(
this,
targetHost,
clientCertificates,
ssl.GetPeerCertificate(),
strIssuers
);
if (cert != null && cert.HasPrivateKey)
{
x509_cert = cert;
key = cert.PrivateKey;
// Addref the cert and private key
x509_cert.AddRef();
key.AddRef();
// return success
return 1;
}
}
return 0;
}
