Example #1
0
		protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
		{
			// Initialize the context with the specified ssl version
			// Initialize the context
			sslContext = new SslContext(SslMethod.SSLv23_client_method);

			// Remove support for protocols not specified in the enabledSslProtocols
			if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
			{
				sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
			}
			if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
				((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
			{
				// no SSLv3 support
				sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
			}
			if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
				(enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
			{
				sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
			}

			// Set the Local certificate selection callback
			sslContext.SetClientCertCallback(this.internalCertificateSelectionCallback);
			// Set the enabled cipher list
			sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
			// Set the callbacks for remote cert verification and local cert selection
			if (remoteCertificateSelectionCallback != null)
			{
				sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
			}
			// Set the CA list into the store
			if (caCertificates != null)
			{
				X509Store store = new X509Store(caCertificates);
				sslContext.SetCertificateStore(store);
			}
			// Set up the read/write bio's
			read_bio = BIO.MemoryBuffer(false);
			write_bio = BIO.MemoryBuffer(false);
			ssl = new Ssl(sslContext);
			ssl.SetBIO(read_bio, write_bio);
			read_bio.SetClose(BIO.CloseOption.Close);
			write_bio.SetClose(BIO.CloseOption.Close);
			// Set the Ssl object into Client mode
			ssl.SetConnectState();
		}
Example #2
0
        private void InitializeServerContextUsingPsk(string pskCiphers)
        {
            // Initialize the context
            //sslContext = new SslContext(SslMethod.SSLv23_server_method);
            sslContext = new SslContext(SslMethod.TLSv1_server_method);
            //sslContext = new SslContext(SslMethod.SSLv3_server_method);

            // Remove support for protocols that should not be supported
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;

            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;
            // Set the workaround options
            sslContext.Options = SslOptions.SSL_OP_ALL;
            sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);

            // Set the cipher string
            // WARNING: Using PSK ciphers requires that the PSK callback be set and initialize the identity and psk value.
            // Failure to do this will cause the PSK ciphers to be skipped when picking a shared cipher.
            // The result will be an error because of "no shared ciphers".
//            sslContext.SetCipherList("PSK-AES256-CBC-SHA:PSK-3DES-EDE-CBC-SHA:PSK-AES128-CBC-SHA:PSK-RC4-SHA");
            sslContext.SetCipherList(pskCiphers);

            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName));

            // Set the PSK callbacks
            sslContext.SetPskServerCallback(this.internalPskServerCallback);
        }
Example #3
0
        private void InitializeServerContext(
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            if (serverCertificate == null)
            {
                throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null");
            }
            if (!serverCertificate.HasPrivateKey)
            {
                throw new ArgumentException("Server certificate must have a private key", "serverCertificate");
            }

            // Initialize the context
            sslContext = new SslContext(SslMethod.SSLv23_server_method);
            
            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }
            /*
            // Initialize the context with the specified ssl version
            switch (enabledSslProtocols)
            {
                case SslProtocols.None:
                    throw new ArgumentException("SslProtocol.None is not supported", "enabledSslProtocols");
                    break;
                case SslProtocols.Ssl2:
                    sslContext = new SslContext(SslMethod.SSLv2_server_method);
                    break;
                case SslProtocols.Ssl3:
                case SslProtocols.Default:
                    sslContext = new SslContext(SslMethod.SSLv3_server_method);
                    break;
                case SslProtocols.Tls:
                    sslContext = new SslContext(SslMethod.TLSv1_server_method);
                    break;
            }
            */
            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;
            // Set the workaround options
            sslContext.Options = SslOptions.SSL_OP_ALL;
            // Set the client certificate verification callback if we are requiring client certs
            if (clientCertificateRequired)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            else
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);
            }

            // Set the client certificate max verification depth
            sslContext.SetVerifyDepth(10);
            // Set the certificate store and ca list
            if (caCerts != null)
            {
                // Don't take ownership of the X509Store IntPtr.  When we
                // SetCertificateStore, the context takes ownership of the store pointer.
                X509Store cert_store = new X509Store(caCerts, false);
                sslContext.SetCertificateStore(cert_store);
                Core.Stack<X509Name> name_stack = new Core.Stack<X509Name>();
                foreach (X509Certificate cert in caCerts)
                {
                    X509Name subject = cert.Subject;
                    name_stack.Add(subject);
                }
                // Assign the stack to the context
                sslContext.CAList = name_stack;
            }
            // Set the cipher string
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the certificate
            sslContext.UseCertificate(serverCertificate);
            // Set the private key
            sslContext.UsePrivateKey(serverCertificate.PrivateKey);
            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName));
        }
Example #4
0
		public override void Close()
		{
			//base.Close();
			if (ssl != null)
			{
				ssl.Dispose();
				ssl = null;
			}
			if (sslContext != null)
			{
				sslContext.Dispose();
				sslContext = null;
			}
		}
Example #5
0
File: Ssl.cs Project: wlasser/D3Emu
 /// <summary>
 /// Calls SSL_new()
 /// </summary>
 /// <param name="ctx"></param>
 public Ssl(SslContext ctx) :
     base(Native.ExpectNonNull(Native.SSL_new(ctx.Handle)), true)
 {
 }
Example #6
0
        private void InitializeServerContext(
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation)
        {
            if (serverCertificate == null)
            {
                throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null");
            }
            if (!serverCertificate.HasPrivateKey)
            {
                throw new ArgumentException("Server certificate must have a private key", "serverCertificate");
            }

            // Initialize the context
            sslContext = new SslContext(SslMethod.SSLv23_server_method);

            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            /*
             * // Initialize the context with the specified ssl version
             * switch (enabledSslProtocols)
             * {
             *  case SslProtocols.None:
             *      throw new ArgumentException("SslProtocol.None is not supported", "enabledSslProtocols");
             *      break;
             *  case SslProtocols.Ssl2:
             *      sslContext = new SslContext(SslMethod.SSLv2_server_method);
             *      break;
             *  case SslProtocols.Ssl3:
             *  case SslProtocols.Default:
             *      sslContext = new SslContext(SslMethod.SSLv3_server_method);
             *      break;
             *  case SslProtocols.Tls:
             *      sslContext = new SslContext(SslMethod.TLSv1_server_method);
             *      break;
             * }
             */
            // Set the context mode
            sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY;
            // Set the workaround options
            sslContext.Options = SslOptions.SSL_OP_ALL;
            // Set the client certificate verification callback if we are requiring client certs
            if (clientCertificateRequired)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            else
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null);
            }

            // Set the client certificate max verification depth
            sslContext.SetVerifyDepth(10);
            // Set the certificate store and ca list
            if (caCerts != null)
            {
                // Don't take ownership of the X509Store IntPtr.  When we
                // SetCertificateStore, the context takes ownership of the store pointer.
                X509Store cert_store = new X509Store(caCerts, false);
                sslContext.SetCertificateStore(cert_store);
                Core.Stack <X509Name> name_stack = new Core.Stack <X509Name>();
                foreach (X509Certificate cert in caCerts)
                {
                    X509Name subject = cert.Subject;
                    name_stack.Add(subject);
                }
                // Assign the stack to the context
                sslContext.CAList = name_stack;
            }
            // Set the cipher string
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the certificate
            sslContext.UseCertificate(serverCertificate);
            // Set the private key
            sslContext.UsePrivateKey(serverCertificate.PrivateKey);
            // Set the session id context
            sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName));
        }
Example #7
0
        protected void InitializeClientContextUsingPsk(string pskCiphers)
        {
            // Initialize the context with the specified ssl version
            //sslContext = new SslContext(SslMethod.SSLv23_client_method);
            sslContext = new SslContext(SslMethod.TLSv1_client_method);
            //sslContext = new SslContext(SslMethod.SSLv3_client_method);

            // Remove support for protocols that should not be supported
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;

            // Set the enabled cipher list
            // WARNING: Using PSK ciphers requires that the PSK callback be set and initialize the identity and psk value.
            // Failure to do this will cause the PSK ciphers to be skipped when picking a shared cipher.
            // The result will be an error because of "no shared ciphers".
//            sslContext.SetCipherList("PSK-AES256-CBC-SHA:PSK-3DES-EDE-CBC-SHA:PSK-AES128-CBC-SHA:PSK-RC4-SHA");
            sslContext.SetCipherList(pskCiphers);

            // Set the PSK callbacks
            sslContext.SetPskClientCallback(this.internalPskClientCallback);

            // Set up the read/write bio's
            read_bio = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl = new Ssl(sslContext);
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
			ssl.SetConnectState();
		}