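/// <summary>
/// Build a new SSL stream by running the client side of the TLS handshake on the connection's stream.
/// </summary>
/// <param name="connection">
/// Connection to secure. Its <c>SslCertificates</c> is replaced with a new pair holding the local certificate.
/// </param>
/// <returns>Stream which is ready to be used (must have been validated)</returns>
/// <exception cref="SslException">The handshake failed, or the stream was disposed while it was running.</exception>
public SslStream Build(ISslContainer connection)
{
    connection.SslCertificates = new SslCertificatePair { Certificate = Certificate };

    // Second argument is leaveInnerStreamOpen: disposing the SslStream does not close the connection's stream.
    var stream = new SslStream(connection.Client.GetStream(), true,
        (s, cert, chain, err) => OnRemoteCertificateValidation(connection, cert, chain, err),
        OnCertificateSelection);

    var authenticated = false;
    try
    {
        X509CertificateCollection certificates = null;
        if (Certificate != null)
        {
            certificates = new X509CertificateCollection(new[] { Certificate });
        }

        // NOTE(review): the last argument (checkCertificateRevocation) is hard-coded to false, so a
        // revoked server certificate is not rejected by this handshake. Confirm this is intended.
        //
        // GetAwaiter().GetResult() rethrows the handshake exception itself. Task.Wait() wraps it in
        // an AggregateException, which none of the catch clauses below would match.
        stream.AuthenticateAsClientAsync(CommonName, certificates, Protocols, false)
              .GetAwaiter()
              .GetResult();
        authenticated = true;
    }
    catch (IOException err)
    {
        throw new SslException("Failed to authenticate", err);
    }
    catch (ObjectDisposedException err)
    {
        throw new SslException("Failed to create stream, did client disconnect directly?", err);
    }
    catch (AuthenticationException err)
    {
        throw new SslException("Failed to authenticate", err);
    }
    finally
    {
        // A stream whose handshake failed is never returned; release its TLS state here.
        if (!authenticated)
        {
            stream.Dispose();
        }
    }

    return stream;
}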
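/// <summary>
/// Build a new SSL stream by running the server side of the TLS handshake on the connection's stream.
/// </summary>
/// <param name="connection">
/// Connection to secure. Its <c>SslCertificates</c> is replaced with a new pair holding the local certificate.
/// </param>
/// <returns>Stream on which the handshake has completed.</returns>
/// <exception cref="SslException">The handshake failed, or the stream was disposed while it was running.</exception>
public SslStream Build(ISslContainer connection)
{
    connection.SslCertificates = new SslCertificatePair { Certificate = Certificate };

    // Second argument is leaveInnerStreamOpen: disposing the SslStream does not close the connection's stream.
    var stream = new SslStream(connection.Client.GetStream(), true,
        (s, cert, chain, err) => OnRemoteCertificateValidation(connection, cert, chain, err));

    var authenticated = false;
    try
    {
        // UseClientCertificate is passed as clientCertificateRequired, CheckCertificateRevocation as
        // checkCertificateRevocation.
        //
        // GetAwaiter().GetResult() rethrows the handshake exception itself. Task.Wait() wraps it in
        // an AggregateException, which none of the catch clauses below would match.
        stream.AuthenticateAsServerAsync(Certificate, UseClientCertificate, Protocols, CheckCertificateRevocation)
              .GetAwaiter()
              .GetResult();
        authenticated = true;
    }
    catch (IOException err)
    {
        throw new SslException("Failed to authenticate", err);
    }
    catch (ObjectDisposedException err)
    {
        throw new SslException("Failed to create stream, did client disconnect directly?", err);
    }
    catch (AuthenticationException err)
    {
        throw new SslException("Failed to authenticate", err);
    }
    finally
    {
        // A stream whose handshake failed is never returned; release its TLS state here.
        if (!authenticated)
        {
            stream.Dispose();
        }
    }

    return stream;
}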
/// <summary>
/// Used to validate the certificate that the server has provided.
/// </summary>
/// <param name="sender">Connection whose <c>SslCertificates</c> pair receives the remote certificate and the policy errors.</param>
/// <param name="certificate">The certificate presented by the remote end.</param>
/// <param name="chain">The chain (not inspected here).</param>
/// <param name="sslpolicyerrors">Policy errors reported for the certificate.</param>
/// <returns><c>true</c> if the certificate will be allowed, otherwise <c>false</c>.</returns>
protected virtual bool OnRemoteCertificateValidation(ISslContainer sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
    // Record what the remote end presented, and the verdict on it, before deciding.
    // Both are stored even when the certificate is rejected.
    var pair = (SslCertificatePair)sender.SslCertificates;
    pair.RemoteCertificate = new BasicCertificateInfo(certificate);
    pair.RemotePolicyErrors = sslpolicyerrors;

    // Strict policy: any reported error (name mismatch, chain error, missing certificate) rejects the peer.
    var accepted = sslpolicyerrors == SslPolicyErrors.None;
    return accepted;
}
/// <summary>
/// Records the certificate presented by the remote end and decides whether the handshake may continue.
/// </summary>
/// <param name="sender">Connection whose <c>SslCertificates</c> pair receives the remote certificate and the policy errors.</param>
/// <param name="certificate">The certificate presented by the remote end.</param>
/// <param name="chain">The chain (not inspected here).</param>
/// <param name="sslpolicyerrors">Policy errors reported for the certificate.</param>
/// <returns>
/// <c>true</c> when <c>UseClientCertificate</c> is off, or when it is on and no policy errors were
/// reported; otherwise <c>false</c>.
/// </returns>
protected virtual bool OnRemoteCertificateValidation(ISslContainer sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslpolicyerrors)
{
    // NOTE(review): certificate is passed to BasicCertificateInfo unchecked. Confirm that the
    // constructor tolerates null if this callback can run without a remote certificate.
    var pair = (SslCertificatePair)sender.SslCertificates;
    pair.RemoteCertificate = new BasicCertificateInfo(certificate);
    pair.RemotePolicyErrors = sslpolicyerrors;

    // With UseClientCertificate off, the remote certificate is accepted whatever the policy errors
    // are. RemoteCertificate is then only what the peer sent, not a verified identity. Code that
    // relies on it should check RemotePolicyErrors first.
    return !UseClientCertificate || sslpolicyerrors == SslPolicyErrors.None;
}