/// <summary>
/// Wraps <paramref name="stream"/> in an <see cref="SslStream"/> and runs the client-side TLS handshake.
/// </summary>
/// <param name="host">Server name passed to the handshake as the target host.</param>
/// <param name="request">Request forwarded to the custom server-certificate validation callback.</param>
/// <param name="stream">Transport stream to wrap; it is closed with the SslStream if the handshake fails.</param>
/// <returns>The authenticated <see cref="SslStream"/>.</returns>
/// <exception cref="HttpRequestException">
/// The handshake failed with an <see cref="AuthenticationException"/> or <see cref="IOException"/>,
/// which is kept as the inner exception.
/// </exception>
private async ValueTask<SslStream> EstablishSslConnection(string host, HttpRequestMessage request, Stream stream)
        {
            // Security: when no custom callback is configured, null is passed and SslStream falls
            // back to its default server-certificate validation. When one is configured, its return
            // value is handed straight back to SslStream, so a callback that returns true despite a
            // non-None sslPolicyErrors accepts a certificate the platform flagged.
            // The "as" cast yields null if the certificate is not an X509Certificate2; the callback
            // must tolerate a null certificate argument.
            RemoteCertificateValidationCallback validationCallback =
                _settings._serverCertificateCustomValidationCallback == null
                    ? null
                    : new RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) =>
                        _settings._serverCertificateCustomValidationCallback(request, certificate as X509Certificate2, chain, sslPolicyErrors));

            // leaveInnerStreamOpen is false: disposing the SslStream also closes the transport stream.
            SslStream tlsStream = new SslStream(stream, false, validationCallback);

            try
            {
                // TODO #21452: No cancellationToken?
                // Protocol versions and revocation checking come from settings; revocation is only
                // checked when _checkCertificateRevocationList is true.
                await tlsStream.AuthenticateAsClientAsync(
                    host,
                    _settings._clientCertificates,
                    _settings._sslProtocols,
                    _settings._checkCertificateRevocationList).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                // Never hand back a stream whose handshake did not complete.
                tlsStream.Dispose();

                if (!(ex is AuthenticationException) && !(ex is IOException))
                {
                    throw;
                }

                // TODO #21452: Tests expect HttpRequestException here.  Is that correct behavior?
                throw new HttpRequestException("could not establish SSL connection", ex);
            }

            return tlsStream;
        }
Example #2
        /// <summary>
        /// Wraps <paramref name="stream"/> in an <see cref="SslStream"/> and runs the client-side TLS handshake.
        /// </summary>
        /// <param name="host">Server name passed to the handshake as the target host.</param>
        /// <param name="request">Request forwarded to the custom server-certificate validation callback.</param>
        /// <param name="stream">Transport stream to wrap; it is closed with the SslStream if the handshake fails.</param>
        /// <returns>The authenticated <see cref="SslStream"/>.</returns>
        /// <exception cref="HttpRequestException">
        /// The handshake failed with an <see cref="AuthenticationException"/> or <see cref="IOException"/>,
        /// which is kept as the inner exception.
        /// </exception>
        private async ValueTask<SslStream> EstablishSslConnection(string host, HttpRequestMessage request, Stream stream)
        {
            // Security: a null callback leaves SslStream on its default server-certificate
            // validation. A configured callback decides alone: whatever it returns is what SslStream
            // uses, including true for a certificate reported with non-None sslPolicyErrors.
            // certificate may reach the callback as null when it is not an X509Certificate2.
            RemoteCertificateValidationCallback validationCallback =
                _settings._serverCertificateCustomValidationCallback == null
                    ? null
                    : new RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) =>
                        _settings._serverCertificateCustomValidationCallback(request, certificate as X509Certificate2, chain, sslPolicyErrors));

            // leaveInnerStreamOpen is false: disposing the SslStream also closes the transport stream.
            SslStream tlsStream = new SslStream(stream, false, validationCallback);

            try
            {
                // TODO https://github.com/dotnet/corefx/issues/23077#issuecomment-321807131: No cancellationToken?
                // Revocation is only checked when _checkCertificateRevocationList is true.
                await tlsStream.AuthenticateAsClientAsync(
                    host,
                    _settings._clientCertificates,
                    _settings._sslProtocols,
                    _settings._checkCertificateRevocationList).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                // Never hand back a stream whose handshake did not complete.
                tlsStream.Dispose();

                if (!(ex is AuthenticationException) && !(ex is IOException))
                {
                    throw;
                }

                // Handshake and transport failures surface as HttpRequestException; the original
                // exception stays available as InnerException for diagnostics.
                throw new HttpRequestException(SR.net_http_ssl_connection_failed, ex);
            }

            return tlsStream;
        }
Example #3
        /// <summary>
        /// Wraps <paramref name="stream"/> in an <see cref="SslStream"/> and runs the client-side TLS
        /// handshake, observing <paramref name="cancellationToken"/>.
        /// </summary>
        /// <param name="host">Server name set as the handshake's TargetHost.</param>
        /// <param name="request">Request forwarded to the custom server-certificate validation callback.</param>
        /// <param name="stream">Transport stream to wrap; it is closed with the SslStream if the handshake fails.</param>
        /// <param name="cancellationToken">Token passed to the handshake call.</param>
        /// <returns>The authenticated <see cref="SslStream"/>.</returns>
        /// <exception cref="HttpRequestException">
        /// The handshake failed with an <see cref="AuthenticationException"/> or <see cref="IOException"/>,
        /// or the custom validation callback threw; the original exception is kept as the inner exception.
        /// </exception>
        private async ValueTask<SslStream> EstablishSslConnection(string host, HttpRequestMessage request, Stream stream, CancellationToken cancellationToken)
        {
            // Security: a null callback leaves SslStream on its default server-certificate
            // validation. A configured callback decides alone: whatever it returns is what SslStream
            // uses, including true for a certificate reported with non-None sslPolicyErrors.
            // certificate may reach the callback as null when it is not an X509Certificate2.
            RemoteCertificateValidationCallback validationCallback =
                _settings._serverCertificateCustomValidationCallback == null
                    ? null
                    : new RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) =>
                    {
                        try
                        {
                            return _settings._serverCertificateCustomValidationCallback(request, certificate as X509Certificate2, chain, sslPolicyErrors);
                        }
                        catch (Exception callbackError)
                        {
                            // A throwing user callback is reported as a connection failure rather
                            // than leaking its own exception type.
                            throw new HttpRequestException(SR.net_http_ssl_connection_failed, callbackError);
                        }
                    });

            // This constructor does not leave the inner stream open: disposing the SslStream also
            // closes the transport stream.
            SslStream tlsStream = new SslStream(stream);

            try
            {
                // Revocation is checked online only when the setting asks for it; otherwise no
                // revocation check is performed.
                X509RevocationMode revocationMode;
                if (_settings._checkCertificateRevocationList)
                {
                    revocationMode = X509RevocationMode.Online;
                }
                else
                {
                    revocationMode = X509RevocationMode.NoCheck;
                }

                SslClientAuthenticationOptions handshakeOptions = new SslClientAuthenticationOptions
                {
                    TargetHost = host,
                    ClientCertificates = _settings._clientCertificates,
                    EnabledSslProtocols = _settings._sslProtocols,
                    CertificateRevocationCheckMode = revocationMode,
                    RemoteCertificateValidationCallback = validationCallback
                };

                await tlsStream.AuthenticateAsClientAsync(handshakeOptions, cancellationToken).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                // Never hand back a stream whose handshake did not complete.
                tlsStream.Dispose();

                if (!(ex is AuthenticationException) && !(ex is IOException))
                {
                    throw;
                }

                throw new HttpRequestException(SR.net_http_ssl_connection_failed, ex);
            }

            return tlsStream;
        }