//TODO (Issue #3362) Set remote certificate options
internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, bool isServer, bool remoteCertRequired)
{
SafeSslHandle context = null;
IntPtr method = GetSslMethod(isServer, options);
using (libssl.SafeSslContextHandle innerContext = new libssl.SafeSslContextHandle(method))
{
if (innerContext.IsInvalid)
{
throw CreateSslException("Failed to allocate SSL/TLS context");
}
libssl.SSL_CTX_ctrl(innerContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero);
libssl.SSL_CTX_set_quiet_shutdown(innerContext, 1);
if (certHandle != null && certKeyHandle != null)
{
SetSslCertificate(innerContext, certHandle, certKeyHandle);
}
context = SafeSslHandle.Create(innerContext, isServer);
Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create");
if (context.IsInvalid)
{
context.Dispose();
throw CreateSslException("Failed to create SSL object from SSL context");
}
}
return(context);
}
internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, string encryptionPolicy, bool isServer, bool remoteCertRequired)
{
SafeSslHandle context = null;
IntPtr method = GetSslMethod(isServer, options);
using (libssl.SafeSslContextHandle innerContext = Crypto.SslCtxCreate(method))
{
if (innerContext.IsInvalid)
{
throw CreateSslException(SR.net_allocate_ssl_context_failed);
}
libssl.SSL_CTX_ctrl(innerContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero);
libssl.SSL_CTX_set_quiet_shutdown(innerContext, 1);
libssl.SSL_CTX_set_cipher_list(innerContext, encryptionPolicy);
if (certHandle != null && certKeyHandle != null)
{
SetSslCertificate(innerContext, certHandle, certKeyHandle);
}
if (remoteCertRequired)
{
Debug.Assert(isServer, "isServer flag should be true");
libssl.SSL_CTX_set_verify(innerContext,
(int)libssl.ClientCertOption.SSL_VERIFY_PEER |
(int)libssl.ClientCertOption.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
s_verifyClientCertificate);
//update the client CA list
UpdateCAListFromRootStore(innerContext);
}
context = SafeSslHandle.Create(innerContext, isServer);
Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create");
if (context.IsInvalid)
{
context.Dispose();
throw CreateSslException(SR.net_allocate_ssl_context_failed);
}
}
return(context);
}
internal static void FreeSslContext(SafeSslHandle context)
{
Debug.Assert((context != null) && !context.IsInvalid, "Expected a valid context in FreeSslContext");
Disconnect(context);
context.Dispose();
}
internal static void FreeSslContext(SafeSslHandle context)
{
Debug.Assert((context != null) && !context.IsInvalid, "Expected a valid context in FreeSslContext");
Disconnect(context);
context.Dispose();
}