/// <exception cref="System.IO.IOException"></exception>
        public void Verify(string host, SSLSocket ssl)
        {
            if (host == null)
            {
                throw new ArgumentNullException("host to verify is null");
            }
            SSLSession session = ssl.GetSession();

            if (session == null)
            {
                // In our experience this only happens under IBM 1.4.x when
                // spurious (unrelated) certificates show up in the server'
                // chain.  Hopefully this will unearth the real problem:
                InputStream @in = ssl.GetInputStream();
                @in.Available();
                // If ssl.getInputStream().available() didn't cause an
                // exception, maybe at least now the session is available?
                session = ssl.GetSession();
                if (session == null)
                {
                    // If it's still null, probably a startHandshake() will
                    // unearth the real problem.
                    ssl.StartHandshake();
                    // Okay, if we still haven't managed to cause an exception,
                    // might as well go for the NPE.  Or maybe we're okay now?
                    session = ssl.GetSession();
                }
            }
            Certificate[]   certs = session.GetPeerCertificates();
            X509Certificate x509  = (X509Certificate)certs[0];

            Verify(host, x509);
        }
Example #2
0
        public void Connect(int sendTimeout = -1, int receiveTimeout = -1)
        {
            SSLSocket sslSocket = null;
            var       f         = SSLSocketFactory.Default as SSLSocketFactory;

            sslSocket = f.CreateSocket(_remoteHostName, _remotePort) as SSLSocket;
            _socket   = sslSocket;

            _socket.SoTimeout = receiveTimeout == -1 ? 0 : receiveTimeout;

            sslSocket.StartHandshake();

            _socket.SoTimeout = 0;
        }
Example #3
0
        /// <exception cref="System.IO.IOException"></exception>
        public virtual System.Net.Sockets.Socket CreateLayeredSocket(System.Net.Sockets.Socket
                                                                     socket, string target, int port, HttpContext context)
        {
            SSLSocket sslsock = (SSLSocket)this.socketfactory.CreateSocket(socket, target, port
                                                                           , true);

            if (supportedProtocols != null)
            {
                sslsock.SetEnabledProtocols(supportedProtocols);
            }
            if (supportedCipherSuites != null)
            {
                sslsock.SetEnabledCipherSuites(supportedCipherSuites);
            }
            PrepareSocket(sslsock);
            sslsock.StartHandshake();
            VerifyHostname(sslsock, target);
            return(sslsock);
        }
Example #4
0
 /// <exception cref="System.IO.IOException"></exception>
 public virtual System.Net.Sockets.Socket ConnectSocket(int connectTimeout, System.Net.Sockets.Socket
                                                        socket, HttpHost host, IPEndPoint remoteAddress, IPEndPoint localAddress, HttpContext
                                                        context)
 {
     Args.NotNull(host, "HTTP host");
     Args.NotNull(remoteAddress, "Remote address");
     System.Net.Sockets.Socket sock = socket != null ? socket : CreateSocket(context);
     if (localAddress != null)
     {
         sock.Bind2(localAddress);
     }
     try
     {
         sock.Connect(remoteAddress, connectTimeout);
     }
     catch (IOException ex)
     {
         try
         {
             sock.Close();
         }
         catch (IOException)
         {
         }
         throw;
     }
     // Setup SSL layering if necessary
     if (sock is SSLSocket)
     {
         SSLSocket sslsock = (SSLSocket)sock;
         sslsock.StartHandshake();
         VerifyHostname(sslsock, host.GetHostName());
         return(sock);
     }
     else
     {
         return(CreateLayeredSocket(sock, host.GetHostName(), remoteAddress.Port, context));
     }
 }
            /// <exception cref="System.IO.IOException"/>
            public override void Check(string[] host, SSLSocket ssl)
            {
                if (host == null)
                {
                    throw new ArgumentNullException("host to verify is null");
                }
                SSLSession session = ssl.GetSession();

                if (session == null)
                {
                    // In our experience this only happens under IBM 1.4.x when
                    // spurious (unrelated) certificates show up in the server'
                    // chain.  Hopefully this will unearth the real problem:
                    InputStream @in = ssl.GetInputStream();
                    @in.Available();

                    /*
                     * If you're looking at the 2 lines of code above because
                     * you're running into a problem, you probably have two
                     * options:
                     *
                     #1.  Clean up the certificate chain that your server
                     * is presenting (e.g. edit "/etc/apache2/server.crt"
                     * or wherever it is your server's certificate chain
                     * is defined).
                     *
                     * OR
                     *
                     #2.   Upgrade to an IBM 1.5.x or greater JVM, or switch
                     * to a non-IBM JVM.
                     */
                    // If ssl.getInputStream().available() didn't cause an
                    // exception, maybe at least now the session is available?
                    session = ssl.GetSession();
                    if (session == null)
                    {
                        // If it's still null, probably a startHandshake() will
                        // unearth the real problem.
                        ssl.StartHandshake();
                        // Okay, if we still haven't managed to cause an exception,
                        // might as well go for the NPE.  Or maybe we're okay now?
                        session = ssl.GetSession();
                    }
                }
                Certificate[] certs;
                try
                {
                    certs = session.GetPeerCertificates();
                }
                catch (SSLPeerUnverifiedException spue)
                {
                    InputStream @in = ssl.GetInputStream();
                    @in.Available();
                    // Didn't trigger anything interesting?  Okay, just throw
                    // original.
                    throw;
                }
                X509Certificate x509 = (X509Certificate)certs[0];

                Check(host, x509);
            }