        /// <summary>
        /// Creates a server-side SSL stream over <paramref name="stream"/>: records the
        /// revocation flag and the remote-certificate callback, builds the server
        /// <c>SslContext</c>, wraps it in an <c>Ssl</c> object backed by two in-memory BIOs,
        /// and puts the <c>Ssl</c> into accept (server) state.
        /// </summary>
        /// <param name="stream">Transport stream handed to the base class.</param>
        /// <param name="ownStream">Forwarded to the base class; presumably controls whether the transport is closed with this object — confirm against the base constructor.</param>
        /// <param name="serverCertificate">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="clientCertificateRequired">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="caCerts">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="enabledSslProtocols">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="sslStrength">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="checkCertificateRevocation">Stored in <c>checkCertificateRevocationStatus</c> and also forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="remote_callback">Stored in <c>remoteCertificateSelectionCallback</c> before the context is built, so context setup can consult it.</param>
        public SslStreamServer(
            Stream stream, 
            bool ownStream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback)
            : base(stream, ownStream)
        {
            // Both fields are assigned before InitializeServerContext runs, which presumably
            // reads the callback when configuring peer verification (body not shown here).
            this.checkCertificateRevocationStatus = checkCertificateRevocation;
            this.remoteCertificateSelectionCallback = remote_callback;

            // Initialize the SslContext object
            InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);
            
            // Initalize the Ssl object
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio. The `false` argument's meaning is not visible here;
            // presumably it selects a non-read-only memory BIO — confirm against BIO.MemoryBuffer.
            read_bio = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            // CloseOption.Close: the BIOs are presumably freed along with the Ssl object — confirm.
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
        /// <summary>
        /// Builds the client-side <c>SslContext</c> and the <c>Ssl</c> object that drives the
        /// handshake: chooses protocol versions, the cipher list, the certificate callbacks and
        /// the CA store, then attaches in-memory read/write BIOs and puts the session into
        /// connect (client) state.
        /// </summary>
        /// <param name="certificates">Not read in this method; presumably the caller keeps it in <c>clientCertificates</c> for the selection callback — confirm.</param>
        /// <param name="enabledSslProtocols">Versions the caller allows; versions not listed are switched off with <c>SSL_OP_NO_*</c> options.</param>
        /// <param name="sslStrength">Forwarded to <c>GetCipherString</c>.</param>
        /// <param name="checkCertificateRevocation">Not read in this method — confirm it is honoured elsewhere.</param>
        /// <remarks>
        /// Peer verification is configured only when <c>remoteCertificateSelectionCallback</c> is
        /// set. Otherwise <c>SetVerify</c> is never called and OpenSSL's default for a new context
        /// (SSL_VERIFY_NONE) applies, so the server certificate would not be checked on this path —
        /// confirm that callers always supply a callback.
        /// </remarks>
        protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
        {
            // Initialize the context with the specified SSL version
            // SSLv23_client_method negotiates any version the library supports; the options
            // below remove the versions the caller did not ask for.
            sslContext = new SslContext(SslMethod.SSLv23_client_method);

            // Remove support for protocols not specified in the enabledSslProtocols.
            // SSLv2 is disabled whenever it is not explicitly requested, regardless of Default.
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            // SSLv3 and TLSv1 remain enabled whenever the Default flag is present, even if
            // their own flags are absent; only an explicit non-Default selection disables them.
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            // Set the Local certificate selection callback
            sslContext.SetClientCertCallback(internalCertificateSelectionCallback);

            // Set the enabled cipher list
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));

            // Set the callbacks for remote cert verification and local cert selection.
            // Per the OpenSSL docs SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect in server
            // mode; on this client path SSL_VERIFY_PEER is what enables verification.
            if (remoteCertificateSelectionCallback != null)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }

            // Set the CA list into the store. The store is not disposed here; presumably
            // ownership passes to the context — confirm against SetCertificateStore.
            if (caCertificates != null)
            {
                var store = new X509Store(caCertificates);
                sslContext.SetCertificateStore(store);
            }

            // Set up the read/write bio's
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl       = new Ssl(sslContext);
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);

            // Set the Ssl object into Client mode
            ssl.SetConnectState();
        }
 /// <summary>
 /// Releases the OpenSSL objects owned by this stream: the <c>Ssl</c> session first, then
 /// the <c>SslContext</c> it was created from. Each field is cleared so that a second call
 /// finds nothing to release.
 /// </summary>
 /// <remarks>
 /// NOTE(review): <c>base.Close()</c> is not invoked here, so the underlying transport
 /// stream is left untouched by this method — confirm that is the intended ownership model.
 /// </remarks>
 public override void Close()
 {
     var sessionToRelease = ssl;
     ssl = null;
     if (sessionToRelease != null)
     {
         sessionToRelease.Dispose();
     }

     var contextToRelease = sslContext;
     sslContext = null;
     if (contextToRelease != null)
     {
         contextToRelease.Dispose();
     }
 }
        /// <summary>
        /// Tears down the SSL session. Does nothing once <c>disposed</c> is set; otherwise
        /// releases the <c>Ssl</c> object, then its <c>SslContext</c>, closes the base stream
        /// and finally disposes this instance.
        /// </summary>
        public override void Close()
        {
            if (disposed)
            {
                return;
            }

            var sessionToRelease = ssl;
            ssl = null;
            if (sessionToRelease != null)
            {
                sessionToRelease.Dispose();
            }

            var contextToRelease = sslContext;
            sslContext = null;
            if (contextToRelease != null)
            {
                contextToRelease.Dispose();
            }

            base.Close();
            Dispose();
        }
        /// <summary>
        /// Creates a server-side SSL stream over <paramref name="stream"/>: records the
        /// revocation flag and the remote-certificate handler, builds the server
        /// <c>SslContext</c>, wraps it in an <c>Ssl</c> object with the SNI extension attached
        /// and two in-memory BIOs, and puts the <c>Ssl</c> into accept (server) state.
        /// </summary>
        /// <param name="stream">Transport stream handed to the base class.</param>
        /// <param name="serverCertificate">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="clientCertificateRequired">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="caCerts">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="enabledSslProtocols">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="sslStrength">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="checkCertificateRevocation">Stored in <c>checkCertificateRevocationStatus</c> and also forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="remote_callback">Assigned to <c>OnRemoteCertificate</c> before the context is built, so context setup can consult it.</param>
        public SslStreamServer(
            Stream stream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback) : base(stream)
        {
            checkCertificateRevocationStatus = checkCertificateRevocation;
            OnRemoteCertificate = remote_callback;

            // Initialize the SslContext object
            InitializeServerContext(
                serverCertificate,
                clientCertificateRequired,
                caCerts,
                enabledSslProtocols,
                sslStrength,
                checkCertificateRevocation);

            // Initalize the Ssl object
            ssl = new Ssl(sslContext);

            // The SNI delegate is kept in a field rather than passed inline — presumably so
            // the GC cannot collect it while native code still holds its pointer; confirm.
            sniCb = sniExt.ServerSniCb;
            sniExt.AttachSniExtensionServer(ssl.Handle, sslContext.Handle, sniCb);

            // Initialze the read/write bio
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            // CloseOption.Close: the BIOs are presumably freed along with the Ssl object — confirm.
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
        /// <summary>
        /// Creates an anonymous (Diffie-Hellman) server-side SSL stream: builds the server
        /// <c>SslContext</c> from the DH parameters, wraps it in an <c>Ssl</c> object backed by
        /// two in-memory BIOs, and puts the <c>Ssl</c> into accept (server) state.
        /// </summary>
        /// <param name="stream">Transport stream handed to the base class.</param>
        /// <param name="ownStream">Forwarded to the base class; presumably controls whether the transport is closed with this object — confirm.</param>
        /// <param name="dh">DH parameters forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="enabledSslProtocols">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="sslStrength">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <remarks>
        /// No server certificate is supplied to this constructor, so unless
        /// <c>InitializeServerContext</c> adds one the session is encrypted but the server is
        /// not authenticated to the client.
        /// </remarks>
        public SslAnonStreamServer(
            Stream stream, 
            bool ownStream,
            DH dh,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength)
            : base(stream, ownStream)
        {
            // Initialize the SslContext object
            InitializeServerContext(dh, enabledSslProtocols, sslStrength);

            // Initalize the Ssl object
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio
            read_bio = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            // CloseOption.Close: the BIOs are presumably freed along with the Ssl object — confirm.
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
        /// <summary>
        /// Creates an anonymous (Diffie-Hellman) server-side SSL stream: builds the server
        /// <c>SslContext</c> from the DH parameters, wraps it in an <c>Ssl</c> object backed by
        /// two in-memory BIOs, and puts the <c>Ssl</c> into accept (server) state.
        /// </summary>
        /// <param name="stream">Transport stream handed to the base class.</param>
        /// <param name="ownStream">Forwarded to the base class; presumably controls whether the transport is closed with this object — confirm.</param>
        /// <param name="dh">DH parameters forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="enabledSslProtocols">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <param name="sslStrength">Forwarded to <c>InitializeServerContext</c>.</param>
        /// <remarks>
        /// No server certificate is supplied to this constructor, so unless
        /// <c>InitializeServerContext</c> adds one the session is encrypted but the server is
        /// not authenticated to the client.
        /// </remarks>
        public SslAnonStreamServer(
            Stream stream,
            bool ownStream,
            DH dh,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength)
            : base(stream, ownStream)
        {
            // Initialize the SslContext object
            InitializeServerContext(dh, enabledSslProtocols, sslStrength);

            // Initalize the Ssl object
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            // CloseOption.Close: the BIOs are presumably freed along with the Ssl object — confirm.
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
        /// <summary>
        /// Client-certificate callback: asks the user-supplied <c>OnLocalCertificate</c> handler
        /// which certificate to present to the server.
        /// </summary>
        /// <param name="ssl">Session requesting the certificate; its <c>CAList</c> supplies the acceptable issuer names handed to the handler.</param>
        /// <param name="x509_cert">Selected certificate, or <c>null</c> when none is offered.</param>
        /// <param name="key">Private key of <paramref name="x509_cert"/>, or <c>null</c>.</param>
        /// <returns>1 when a certificate with a private key was selected, otherwise 0 (no client certificate).</returns>
        /// <remarks>
        /// A certificate returned by the handler without a private key is dropped without any
        /// signal to the handler; the result is simply 0. The <c>AddRef</c> calls hand an extra
        /// reference to the native side, which presumably releases it — confirm against the thunk
        /// that consumes these out values.
        /// </remarks>
        private int OnClientCertificate(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
        {
            x509_cert = null;
            key       = null;

            var acceptableIssuers = ssl.CAList;
            var issuerNames = new string[acceptableIssuers.Count];
            var next = 0;
            foreach (var issuer in acceptableIssuers)
            {
                issuerNames[next] = issuer.OneLine;
                next++;
            }

            if (OnLocalCertificate == null)
            {
                return 0;
            }

            var selected = OnLocalCertificate(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), issuerNames);
            if (selected == null || !selected.HasPrivateKey)
            {
                return 0;
            }

            x509_cert = selected;
            key       = selected.PrivateKey;
            // Extra references for the native side, which takes over these objects.
            x509_cert.AddRef();
            key.AddRef();
            return 1;
        }
            /// <summary>
            /// Native-to-managed bridge for the client-certificate callback: wraps the raw
            /// <c>SSL*</c>, forwards to <c>OnClientCertCallback</c>, and converts the selected
            /// certificate and key back into raw handles for the caller.
            /// </summary>
            /// <param name="ssl_ptr">Raw session pointer; wrapped with <c>false</c>, presumably meaning the wrapper does not own it — confirm against the <c>Ssl</c> constructor.</param>
            /// <param name="cert_ptr">Handle of the chosen certificate, or <c>IntPtr.Zero</c>.</param>
            /// <param name="key_ptr">Handle of the matching private key, or <c>IntPtr.Zero</c>.</param>
            /// <returns>The managed callback's result, unchanged; non-zero means a certificate was supplied.</returns>
            /// <remarks>
            /// NOTE(review): only raw handles leave this method, so their validity depends on the
            /// managed callback having taken a reference (<c>AddRef</c>) before returning; if it did
            /// not, the native side would hold a dangling pointer once the wrappers are collected.
            /// </remarks>
            internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
            {
                cert_ptr = IntPtr.Zero;
                key_ptr  = IntPtr.Zero;

                X509Certificate selectedCert;
                CryptoKey       selectedKey;
                var result = OnClientCertCallback(new Ssl(ssl_ptr, false), out selectedCert, out selectedKey);
                if (result == 0)
                {
                    return result;
                }

                cert_ptr = selectedCert != null ? selectedCert.Handle : IntPtr.Zero;
                key_ptr  = selectedKey != null ? selectedKey.Handle : IntPtr.Zero;
                return result;
            }
		/// <summary>
		/// Builds the client-side <c>SslContext</c> and the <c>Ssl</c> object that drives the
		/// handshake: chooses protocol versions, the cipher list, the certificate callbacks and
		/// the CA store, then attaches in-memory read/write BIOs and puts the session into
		/// connect (client) state.
		/// </summary>
		/// <param name="certificates">Not read in this method; presumably the caller keeps it in <c>clientCertificates</c> for the selection callback — confirm.</param>
		/// <param name="enabledSslProtocols">Versions the caller allows; versions not listed are switched off with <c>SSL_OP_NO_*</c> options.</param>
		/// <param name="sslStrength">Forwarded to <c>GetCipherString</c>.</param>
		/// <param name="checkCertificateRevocation">Not read in this method — confirm it is honoured elsewhere.</param>
		/// <remarks>
		/// Peer verification is configured only when <c>remoteCertificateSelectionCallback</c> is
		/// set. Otherwise <c>SetVerify</c> is never called and OpenSSL's default for a new context
		/// (SSL_VERIFY_NONE) applies, so the server certificate would not be checked on this path —
		/// confirm that callers always supply a callback.
		/// </remarks>
		protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
		{
			// Initialize the context with the specified ssl version
			// SSLv23_client_method negotiates any version the library supports; the options
			// below remove the versions the caller did not ask for.
			sslContext = new SslContext(SslMethod.SSLv23_client_method);

			// Remove support for protocols not specified in the enabledSslProtocols.
			// SSLv2 is disabled whenever it is not explicitly requested, regardless of Default.
			if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
			{
				sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
			}
			// SSLv3 and TLSv1 remain enabled whenever the Default flag is present, even if
			// their own flags are absent; only an explicit non-Default selection disables them.
			if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
				((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
			{
				// no SSLv3 support
				sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
			}
			if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
				(enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
			{
				sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
			}

			// Set the Local certificate selection callback
			sslContext.SetClientCertCallback(this.internalCertificateSelectionCallback);
			// Set the enabled cipher list
			sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
			// Set the callbacks for remote cert verification and local cert selection.
			// Per the OpenSSL docs SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect in server
			// mode; on this client path SSL_VERIFY_PEER is what enables verification.
			if (remoteCertificateSelectionCallback != null)
			{
				sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
			}
			// Set the CA list into the store. The store is not disposed here; presumably
			// ownership passes to the context — confirm against SetCertificateStore.
			if (caCertificates != null)
			{
				X509Store store = new X509Store(caCertificates);
				sslContext.SetCertificateStore(store);
			}
			// Set up the read/write bio's
			read_bio = BIO.MemoryBuffer(false);
			write_bio = BIO.MemoryBuffer(false);
			ssl = new Ssl(sslContext);
			ssl.SetBIO(read_bio, write_bio);
			read_bio.SetClose(BIO.CloseOption.Close);
			write_bio.SetClose(BIO.CloseOption.Close);
			// Set the Ssl object into Client mode
			ssl.SetConnectState();
		}
        /// <summary>
        /// Builds the client-side <c>SslContext</c> with a TLS 1.2 client method and an
        /// application-protocol list (HTTP/2 before HTTP/1), configures certificate callbacks,
        /// cipher list and CA store, creates the <c>Ssl</c> object with the SNI extension and
        /// in-memory BIOs attached, and puts the session into connect (client) state.
        /// </summary>
        /// <param name="certificates">Not read in this method; presumably the caller keeps it in <c>clientCertificates</c> for the selection callback — confirm.</param>
        /// <param name="enabledSslProtocols">Used to compute <c>SSL_OP_NO_*</c> options and forwarded to <c>SslCipher.MakeString</c>.</param>
        /// <param name="sslStrength">Forwarded to <c>SslCipher.MakeString</c>.</param>
        /// <param name="checkCertificateRevocation">Not read in this method — confirm it is honoured elsewhere.</param>
        /// <remarks>
        /// If <c>TLSv12_client_method</c> maps to OpenSSL's TLSv1_2 client method, only TLS 1.2
        /// is negotiable and the SSLv2/SSLv3/TLSv1 options computed below are redundant — confirm.
        /// Peer verification is configured only when <c>OnRemoteCertificate</c> is set; otherwise
        /// <c>SetVerify</c> is never called and OpenSSL's default for a new context (SSL_VERIFY_NONE)
        /// applies, so the server certificate would not be checked — confirm callers always supply one.
        /// </remarks>
        protected void InitializeClientContext(
            X509List certificates,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            // Initialize the context with specified TLS version.
            // The protocol array is presumably the ALPN preference list — confirm against SslContext.
            sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, new[] {
                Protocols.Http2,
                Protocols.Http1
            });

            // Options are accumulated locally and written back once.
            var options = sslContext.Options;

            // Remove support for protocols not specified in the enabledSslProtocols
            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl2))
            {
                options |= SslOptions.SSL_OP_NO_SSLv2;
            }

            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl3))
            {
                options |= SslOptions.SSL_OP_NO_SSLv3;
            }

            if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Tls))
            {
                options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            sslContext.Options = options;

            // Set the Local certificate selection callback
            sslContext.SetClientCertCallback(OnClientCertificate);
            // Set the enabled cipher list
            sslContext.SetCipherList(SslCipher.MakeString(enabledSslProtocols, sslStrength));
            // Set the callbacks for remote cert verification and local cert selection.
            // Per the OpenSSL docs SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect in server
            // mode; on this client path SSL_VERIFY_PEER is what enables verification.
            if (OnRemoteCertificate != null)
            {
                sslContext.SetVerify(
                    VerifyMode.SSL_VERIFY_PEER |
                    VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                    OnRemoteCertificate);
            }
            // Set the CA list into the store. The store is not disposed here; presumably
            // ownership passes to the context — confirm against SetCertificateStore.
            if (caCertificates != null)
            {
                var store = new X509Store(caCertificates);
                sslContext.SetCertificateStore(store);
            }
            // Set up the read/write bio's
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl       = new Ssl(sslContext);

            // The SNI delegate is kept in a field rather than passed inline — presumably so
            // the GC cannot collect it while native code still holds its pointer; confirm.
            sniCb = sniExt.ClientSniCb;
            sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);

            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into Client mode
            ssl.SetConnectState();
        }
            /// <summary>
            /// Native-to-managed bridge for the client-certificate callback: wraps the raw
            /// <c>SSL*</c>, forwards to <c>OnClientCertCallback</c>, and converts the selected
            /// certificate and key back into raw handles for the caller.
            /// </summary>
            /// <param name="ssl_ptr">Raw session pointer; wrapped with <c>false</c>, presumably meaning the wrapper does not own it — confirm against the <c>Ssl</c> constructor.</param>
            /// <param name="cert_ptr">Handle of the chosen certificate, or <c>IntPtr.Zero</c>.</param>
            /// <param name="key_ptr">Handle of the matching private key, or <c>IntPtr.Zero</c>.</param>
            /// <returns>The managed callback's result, unchanged; non-zero means a certificate was supplied.</returns>
            /// <remarks>
            /// NOTE(review): only raw handles leave this method, so their validity depends on the
            /// managed callback having taken a reference (<c>AddRef</c>) before returning; if it did
            /// not, the native side would hold a dangling pointer once the wrappers are collected.
            /// </remarks>
            internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
            {
                cert_ptr = IntPtr.Zero;
                key_ptr = IntPtr.Zero;

                var session = new Ssl(ssl_ptr, false);
                X509Certificate selectedCert;
                CryptoKey selectedKey;
                var result = OnClientCertCallback(session, out selectedCert, out selectedKey);
                if (result == 0)
                {
                    return result;
                }

                cert_ptr = selectedCert != null ? selectedCert.Handle : IntPtr.Zero;
                key_ptr = selectedKey != null ? selectedKey.Handle : IntPtr.Zero;
                return result;
            }
		/// <summary>
		/// Client-certificate callback: asks the user-supplied
		/// <c>localCertificateSelectionCallback</c> which certificate to present to the server.
		/// </summary>
		/// <param name="ssl">Session requesting the certificate; its <c>CAList</c> supplies the acceptable issuer names handed to the callback.</param>
		/// <param name="x509_cert">Selected certificate, or <c>null</c> when none is offered.</param>
		/// <param name="key">Private key of <paramref name="x509_cert"/>, or <c>null</c>.</param>
		/// <returns>1 when a certificate with a private key was selected, otherwise 0 (no client certificate).</returns>
		/// <remarks>
		/// A certificate returned without a private key is dropped without any signal to the
		/// callback; the result is simply 0. The <c>AddRef</c> calls hand an extra reference to
		/// the native side, which presumably releases it — confirm against the consuming thunk.
		/// </remarks>
		public int InternalClientCertificateSelectionCallback(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
		{
			x509_cert = null;
			key = null;

			var acceptableIssuers = ssl.CAList;
			var issuerNames = new string[acceptableIssuers.Count];
			var next = 0;
			foreach (var issuer in acceptableIssuers)
			{
				issuerNames[next] = issuer.OneLine;
				next++;
			}

			if (localCertificateSelectionCallback == null)
			{
				return 0;
			}

			var selected = localCertificateSelectionCallback(
				this,
				targetHost,
				clientCertificates,
				ssl.GetPeerCertificate(),
				issuerNames);
			if (selected == null || !selected.HasPrivateKey)
			{
				return 0;
			}

			x509_cert = selected;
			key = selected.PrivateKey;
			// Extra references for the native side, which takes over these objects.
			x509_cert.AddRef();
			key.AddRef();
			return 1;
		}
		/// <summary>
		/// Releases the OpenSSL objects owned by this stream: the <c>Ssl</c> session first, then
		/// the <c>SslContext</c> it was created from. Each field is cleared so that a second call
		/// finds nothing to release.
		/// </summary>
		/// <remarks>
		/// NOTE(review): <c>base.Close()</c> is not invoked here, so the underlying transport
		/// stream is left untouched by this method — confirm that is the intended ownership model.
		/// </remarks>
		public override void Close()
		{
			var sessionToRelease = ssl;
			ssl = null;
			if (sessionToRelease != null)
			{
				sessionToRelease.Dispose();
			}

			var contextToRelease = sslContext;
			sslContext = null;
			if (contextToRelease != null)
			{
				contextToRelease.Dispose();
			}
		}
		/// <summary>
		/// Tears down the SSL session. Does nothing once <c>disposed</c> is set; otherwise
		/// releases the <c>Ssl</c> object, then its <c>SslContext</c>, closes the base stream
		/// and finally disposes this instance.
		/// </summary>
		public override void Close()
		{
			if (disposed)
			{
				return;
			}

			var sessionToRelease = ssl;
			ssl = null;
			if (sessionToRelease != null)
			{
				sessionToRelease.Dispose();
			}

			var contextToRelease = sslContext;
			sslContext = null;
			if (contextToRelease != null)
			{
				contextToRelease.Dispose();
			}

			base.Close();
			this.Dispose();
		}
		/// <summary>
		/// Builds the client-side <c>SslContext</c> with a TLS 1.2 client method and an
		/// application-protocol list (HTTP/2 before HTTP/1), configures certificate callbacks,
		/// cipher list and CA store, creates the <c>Ssl</c> object with the SNI extension and
		/// in-memory BIOs attached, and puts the session into connect (client) state.
		/// </summary>
		/// <param name="certificates">Not read in this method; presumably the caller keeps it in <c>clientCertificates</c> for the selection callback — confirm.</param>
		/// <param name="enabledSslProtocols">Used to compute <c>SSL_OP_NO_*</c> options and forwarded to <c>SslCipher.MakeString</c>.</param>
		/// <param name="sslStrength">Forwarded to <c>SslCipher.MakeString</c>.</param>
		/// <param name="checkCertificateRevocation">Not read in this method — confirm it is honoured elsewhere.</param>
		/// <remarks>
		/// If <c>TLSv12_client_method</c> maps to OpenSSL's TLSv1_2 client method, only TLS 1.2
		/// is negotiable and the SSLv2/SSLv3/TLSv1 options computed below are redundant — confirm.
		/// Peer verification is configured only when <c>OnRemoteCertificate</c> is set; otherwise
		/// <c>SetVerify</c> is never called and OpenSSL's default for a new context (SSL_VERIFY_NONE)
		/// applies, so the server certificate would not be checked — confirm callers always supply one.
		/// </remarks>
		protected void InitializeClientContext(
			X509List certificates,
			SslProtocols enabledSslProtocols,
			SslStrength sslStrength,
			bool checkCertificateRevocation)
		{
			// Initialize the context with specified TLS version.
			// The protocol array is presumably the ALPN preference list — confirm against SslContext.
			sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, new[] {
				Protocols.Http2,
				Protocols.Http1
			});
            
			// Options are accumulated locally and written back once.
			var options = sslContext.Options;

			// Remove support for protocols not specified in the enabledSslProtocols
			if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl2))
			{
				options |= SslOptions.SSL_OP_NO_SSLv2;
			}

			if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Ssl3))
			{
				options |= SslOptions.SSL_OP_NO_SSLv3;
			}

			if (!EnumExtensions.HasFlag(enabledSslProtocols, SslProtocols.Tls))
			{
				options |= SslOptions.SSL_OP_NO_TLSv1;
			}

			sslContext.Options = options;

			// Set the Local certificate selection callback
			sslContext.SetClientCertCallback(OnClientCertificate);
			// Set the enabled cipher list
			sslContext.SetCipherList(SslCipher.MakeString(enabledSslProtocols, sslStrength));
			// Set the callbacks for remote cert verification and local cert selection.
			// Per the OpenSSL docs SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect in server
			// mode; on this client path SSL_VERIFY_PEER is what enables verification.
			if (OnRemoteCertificate != null)
			{
				sslContext.SetVerify(
					VerifyMode.SSL_VERIFY_PEER |
					VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 
					OnRemoteCertificate);
			}
			// Set the CA list into the store. The store is not disposed here; presumably
			// ownership passes to the context — confirm against SetCertificateStore.
			if (caCertificates != null)
			{
				var store = new X509Store(caCertificates);
				sslContext.SetCertificateStore(store);
			}
			// Set up the read/write bio's
			read_bio = BIO.MemoryBuffer(false);
			write_bio = BIO.MemoryBuffer(false);
			ssl = new Ssl(sslContext);

			// The SNI delegate is kept in a field rather than passed inline — presumably so
			// the GC cannot collect it while native code still holds its pointer; confirm.
			sniCb = sniExt.ClientSniCb;
			sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);

			ssl.SetBIO(read_bio, write_bio);
			read_bio.SetClose(BIO.CloseOption.Close);
			write_bio.SetClose(BIO.CloseOption.Close);
			// Set the Ssl object into Client mode
			ssl.SetConnectState();
		}
		/// <summary>
		/// Native-to-managed bridge for the client-certificate callback: wraps the raw
		/// <c>SSL*</c>, forwards to <c>OnClientCert</c>, and converts the selected certificate
		/// and key back into raw handles for the caller.
		/// </summary>
		/// <param name="ptrSsl">Raw session pointer; wrapped with <c>false</c>, presumably meaning the wrapper does not own it — confirm against the <c>Ssl</c> constructor.</param>
		/// <param name="ptrCert">Handle of the chosen certificate, or <c>IntPtr.Zero</c>.</param>
		/// <param name="ptrKey">Handle of the matching private key, or <c>IntPtr.Zero</c>.</param>
		/// <returns>The managed callback's result, unchanged; non-zero means a certificate was supplied.</returns>
		/// <remarks>
		/// NOTE(review): only raw handles leave this method, so their validity depends on the
		/// managed callback having taken a reference (<c>AddRef</c>) before returning; if it did
		/// not, the native side would hold a dangling pointer once the wrappers are collected.
		/// </remarks>
		private int OnClientCertThunk(IntPtr ptrSsl, out IntPtr ptrCert, out IntPtr ptrKey)
		{
			X509Certificate selectedCert;
			CryptoKey selectedKey;
			var result = OnClientCert(new Ssl(ptrSsl, false), out selectedCert, out selectedKey);

			if (result == 0)
			{
				ptrCert = IntPtr.Zero;
				ptrKey = IntPtr.Zero;
			}
			else
			{
				ptrCert = selectedCert != null ? selectedCert.Handle : IntPtr.Zero;
				ptrKey = selectedKey != null ? selectedKey.Handle : IntPtr.Zero;
			}

			return result;
		}
		/// <summary>
		/// Client-certificate callback: asks the user-supplied <c>OnLocalCertificate</c> handler
		/// which certificate to present to the server.
		/// </summary>
		/// <param name="ssl">Session requesting the certificate; its <c>CAList</c> supplies the acceptable issuer names handed to the handler.</param>
		/// <param name="x509_cert">Selected certificate, or <c>null</c> when none is offered.</param>
		/// <param name="key">Private key of <paramref name="x509_cert"/>, or <c>null</c>.</param>
		/// <returns>1 when a certificate with a private key was selected, otherwise 0 (no client certificate).</returns>
		/// <remarks>
		/// A certificate returned by the handler without a private key is dropped without any
		/// signal to the handler; the result is simply 0. The <c>AddRef</c> calls hand an extra
		/// reference to the native side, which presumably releases it — confirm against the thunk
		/// that consumes these out values.
		/// </remarks>
		private int OnClientCertificate(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key)
		{
			var selectedResult = 0;
			x509_cert = null;
			key = null;

			var acceptableIssuers = ssl.CAList;
			var issuerNames = new string[acceptableIssuers.Count];
			var next = 0;
			foreach (var issuer in acceptableIssuers)
			{
				issuerNames[next] = issuer.OneLine;
				next++;
			}

			if (OnLocalCertificate != null)
			{
				var selected = OnLocalCertificate(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), issuerNames);
				if (selected != null && selected.HasPrivateKey)
				{
					x509_cert = selected;
					key = selected.PrivateKey;
					// Extra references for the native side, which takes over these objects.
					x509_cert.AddRef();
					key.AddRef();
					selectedResult = 1;
				}
			}

			return selectedResult;
		}