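/// <summary>
/// Verifies <paramref name="host"/> against the first certificate returned by the
/// peer-certificate list of the session on <paramref name="ssl"/>, delegating the
/// comparison to the <c>Verify(host, x509)</c> overload.
/// </summary>
/// <remarks>
/// If the socket has no session yet, the method tries to provoke one: first by touching
/// the input stream, then by starting the handshake explicitly. If there is still no
/// session, or the peer presented no certificate, verification fails with an exception
/// instead of running into a null dereference or an index error.
/// </remarks>
/// <param name="host">Host name to verify; must not be null.</param>
/// <param name="ssl">Socket whose session supplies the peer certificates.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="host"/> is null.</exception>
/// <exception cref="System.IO.IOException">
/// No session or no peer certificate could be obtained from <paramref name="ssl"/>.
/// </exception>
public void Verify(string host, SSLSocket ssl)
{
    if (host == null)
    {
        // The single-string ArgumentNullException constructor takes the parameter
        // name, not a message, so pass both explicitly.
        throw new ArgumentNullException("host", "host to verify is null");
    }

    SSLSession session = ssl.GetSession();
    if (session == null)
    {
        // In our experience this only happens under IBM 1.4.x when
        // spurious (unrelated) certificates show up in the server's
        // chain. Hopefully this will unearth the real problem:
        InputStream @in = ssl.GetInputStream();
        @in.Available();

        // If ssl.getInputStream().available() didn't cause an
        // exception, maybe at least now the session is available?
        session = ssl.GetSession();
        if (session == null)
        {
            // If it's still null, probably a startHandshake() will
            // unearth the real problem.
            ssl.StartHandshake();
            session = ssl.GetSession();
        }
    }

    if (session == null)
    {
        // Fail closed: without a session there is no certificate to check the host
        // against, so the peer must be treated as unverified.
        throw new System.IO.IOException("SSL session is not available; cannot verify host " + host);
    }

    Certificate[] certs = session.GetPeerCertificates();
    if (certs == null || certs.Length == 0)
    {
        // An empty chain would otherwise surface as an index error on certs[0].
        throw new System.IO.IOException("peer presented no certificates; cannot verify host " + host);
    }

    // presumably the first entry is the peer's own certificate; confirm against GetPeerCertificates()
    X509Certificate x509 = (X509Certificate)certs[0];
    Verify(host, x509);
}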
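/// <summary>
/// Opens an SSL socket to <c>_remoteHostName</c>:<c>_remotePort</c> using the default
/// socket factory, stores it in <c>_socket</c> and runs the handshake.
/// </summary>
/// <param name="sendTimeout">Not used by this method.</param>
/// <param name="receiveTimeout">
/// Value assigned to <c>SoTimeout</c> for the duration of the handshake; -1 is mapped to 0.
/// <c>SoTimeout</c> is reset to 0 once the handshake returns.
/// </param>
/// <exception cref="System.InvalidOperationException">
/// The default factory is not an <c>SSLSocketFactory</c>, or it did not produce an <c>SSLSocket</c>.
/// </exception>
public void Connect(int sendTimeout = -1, int receiveTimeout = -1)
{
    var factory = SSLSocketFactory.Default as SSLSocketFactory;
    if (factory == null)
    {
        // "as" yields null on a type mismatch; report that instead of a null dereference.
        throw new System.InvalidOperationException("Default socket factory is not an SSLSocketFactory.");
    }

    var sslSocket = factory.CreateSocket(_remoteHostName, _remotePort) as SSLSocket;
    if (sslSocket == null)
    {
        throw new System.InvalidOperationException("Socket factory did not return an SSLSocket.");
    }

    _socket = sslSocket;
    _socket.SoTimeout = receiveTimeout == -1 ? 0 : receiveTimeout;
    sslSocket.StartHandshake();

    // NOTE(review): nothing in this method checks that the certificate presented during
    // the handshake was issued for _remoteHostName. Unless the factory or a caller performs
    // that check, a certificate that chains to a trusted root but names a different host
    // would be accepted here. Confirm, and verify the host name before using _socket.
    _socket.SoTimeout = 0;
}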
/// <summary>
/// Wraps an existing socket in an SSL socket, applies the configured protocol and
/// cipher-suite restrictions, performs the handshake and verifies the host name.
/// </summary>
/// <param name="socket">Socket to layer SSL on top of.</param>
/// <param name="target">Host name passed to the factory and to the host name check.</param>
/// <param name="port">Port passed to the factory.</param>
/// <param name="context">Not used by this method.</param>
/// <returns>The SSL socket, after the handshake and <c>VerifyHostname</c> have returned.</returns>
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket CreateLayeredSocket(System.Net.Sockets.Socket socket, string target, int port, HttpContext context)
{
    // NOTE(review): the trailing "true" is presumably the factory's auto-close flag; confirm.
    var layered = (SSLSocket)socketfactory.CreateSocket(socket, target, port, true);

    // Restrictions are applied only when configured; otherwise the socket's own defaults stay in effect.
    if (supportedProtocols != null)
    {
        layered.SetEnabledProtocols(supportedProtocols);
    }

    if (supportedCipherSuites != null)
    {
        layered.SetEnabledCipherSuites(supportedCipherSuites);
    }

    PrepareSocket(layered);

    // The socket is returned only after the handshake and the host name check have both returned.
    layered.StartHandshake();
    VerifyHostname(layered, target);
    return layered;
}
/// <summary>
/// Connects a socket to <paramref name="remoteAddress"/> and makes sure the returned
/// socket has completed the SSL handshake and host name verification.
/// </summary>
/// <param name="connectTimeout">Timeout value passed to the socket's connect call.</param>
/// <param name="socket">Socket to use; when null, one is obtained from <c>CreateSocket(context)</c>.</param>
/// <param name="host">Target host; its host name is used for verification.</param>
/// <param name="remoteAddress">Endpoint to connect to.</param>
/// <param name="localAddress">Optional local endpoint to bind to before connecting.</param>
/// <param name="context">Passed through to <c>CreateSocket</c> and <c>CreateLayeredSocket</c>.</param>
/// <returns>
/// The connected socket itself when it already is an <c>SSLSocket</c>; otherwise the result of
/// <c>CreateLayeredSocket</c>.
/// </returns>
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket ConnectSocket(int connectTimeout, System.Net.Sockets.Socket socket, HttpHost host, IPEndPoint remoteAddress, IPEndPoint localAddress, HttpContext context)
{
    Args.NotNull(host, "HTTP host");
    Args.NotNull(remoteAddress, "Remote address");

    System.Net.Sockets.Socket connected = socket ?? CreateSocket(context);
    if (localAddress != null)
    {
        connected.Bind2(localAddress);
    }

    try
    {
        connected.Connect(remoteAddress, connectTimeout);
    }
    catch (IOException)
    {
        // Best-effort cleanup: a failure while closing must not hide the connect failure.
        try
        {
            connected.Close();
        }
        catch (IOException)
        {
        }

        throw;
    }

    // Setup SSL layering if necessary
    SSLSocket tls = connected as SSLSocket;
    if (tls == null)
    {
        return CreateLayeredSocket(connected, host.GetHostName(), remoteAddress.Port, context);
    }

    // Already an SSL socket: handshake and host name check happen here, before it is returned.
    tls.StartHandshake();
    VerifyHostname(tls, host.GetHostName());
    return connected;
}
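/// <summary>
/// Checks the given host names against the first certificate returned by the
/// peer-certificate list of the session on <paramref name="ssl"/>, delegating the
/// comparison to the <c>Check(host, x509)</c> overload.
/// </summary>
/// <remarks>
/// If the socket has no session yet, the method tries to provoke one: first by touching
/// the input stream, then by starting the handshake explicitly. If there is still no
/// session, or the peer presented no certificate, the check fails with an exception
/// instead of running into a null dereference or an index error.
/// </remarks>
/// <param name="host">Host names to check; must not be null.</param>
/// <param name="ssl">Socket whose session supplies the peer certificates.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="host"/> is null.</exception>
/// <exception cref="System.IO.IOException">
/// No session or no peer certificate could be obtained from <paramref name="ssl"/>.
/// </exception>
public override void Check(string[] host, SSLSocket ssl)
{
    if (host == null)
    {
        // The single-string ArgumentNullException constructor takes the parameter
        // name, not a message, so pass both explicitly.
        throw new ArgumentNullException("host", "host to verify is null");
    }

    SSLSession session = ssl.GetSession();
    if (session == null)
    {
        // In our experience this only happens under IBM 1.4.x when
        // spurious (unrelated) certificates show up in the server's
        // chain. Hopefully this will unearth the real problem:
        InputStream @in = ssl.GetInputStream();
        @in.Available();

        /*
         * If you're looking at the 2 lines of code above because
         * you're running into a problem, you probably have two
         * options:
         * #1. Clean up the certificate chain that your server
         *     is presenting (e.g. edit "/etc/apache2/server.crt"
         *     or wherever it is your server's certificate chain
         *     is defined).
         *
         * OR
         * #2. Upgrade to an IBM 1.5.x or greater JVM, or switch
         *     to a non-IBM JVM.
         */

        // If ssl.getInputStream().available() didn't cause an
        // exception, maybe at least now the session is available?
        session = ssl.GetSession();
        if (session == null)
        {
            // If it's still null, probably a startHandshake() will
            // unearth the real problem.
            ssl.StartHandshake();
            session = ssl.GetSession();
        }
    }

    if (session == null)
    {
        // Fail closed: without a session there is no certificate to check the hosts
        // against, so the peer must be treated as unverified.
        throw new System.IO.IOException("SSL session is not available; cannot verify host");
    }

    Certificate[] certs;
    try
    {
        certs = session.GetPeerCertificates();
    }
    catch (SSLPeerUnverifiedException)
    {
        // Touch the stream once more in case it raises a more specific error.
        InputStream @in = ssl.GetInputStream();
        @in.Available();

        // Didn't trigger anything interesting? Okay, just throw
        // original.
        throw;
    }

    if (certs == null || certs.Length == 0)
    {
        // An empty chain would otherwise surface as an index error on certs[0].
        throw new System.IO.IOException("peer presented no certificates; cannot verify host");
    }

    // presumably the first entry is the peer's own certificate; confirm against GetPeerCertificates()
    X509Certificate x509 = (X509Certificate)certs[0];
    Check(host, x509);
}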