/// <exception cref="System.IO.IOException"></exception>
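        /// <summary>
        /// Checks the peer of <paramref name="ssl"/> against <paramref name="host"/> by
        /// taking the first certificate of the session's peer chain and passing it to
        /// the <c>Verify(host, x509)</c> overload.
        /// </summary>
        /// <param name="host">Host name the caller intended to reach; must not be null.</param>
        /// <param name="ssl">Socket whose session supplies the peer certificates; must not be null.</param>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="host"/> or <paramref name="ssl"/> is null.
        /// </exception>
        /// <remarks>
        /// This method fails closed: if no session or no usable leaf certificate can be
        /// obtained it throws <see cref="System.IO.IOException"/> instead of returning,
        /// so a caller can never mistake "nothing to verify" for "verified".
        /// Only <c>certs[0]</c> is examined here; NOTE(review): trust in the rest of the
        /// chain is presumably established during the handshake - confirm against the
        /// socket factory configuration.
        /// </remarks>
        public void Verify(string host, SSLSocket ssl)
        {
            if (host == null)
            {
                // Two-argument form: the single-string constructor interprets its
                // argument as the parameter name, not as the message.
                throw new ArgumentNullException("host", "host to verify is null");
            }
            if (ssl == null)
            {
                throw new ArgumentNullException("ssl", "socket to verify is null");
            }

            SSLSession session = ssl.GetSession();
            if (session == null)
            {
                // Original authors' note: in their experience this only happens under
                // IBM 1.4.x when spurious (unrelated) certificates show up in the
                // server's chain. Touching the input stream is meant to surface the
                // underlying handshake error as an exception.
                ssl.GetInputStream().Available();

                // No exception from the stream; the session may be available now.
                session = ssl.GetSession();
                if (session == null)
                {
                    // Still nothing: force the handshake, which should raise the
                    // real failure if there is one, then look one last time.
                    ssl.StartHandshake();
                    session = ssl.GetSession();
                }
            }

            if (session == null)
            {
                // Explicit failure rather than a null dereference on the next line.
                throw new System.IO.IOException("no SSL session available; cannot verify host " + host);
            }

            Certificate[] certs = session.GetPeerCertificates();
            if (certs == null || certs.Length == 0)
            {
                throw new System.IO.IOException("peer presented no certificates; cannot verify host " + host);
            }

            // The leaf certificate is expected first in the peer chain.
            X509Certificate x509 = certs[0] as X509Certificate;
            if (x509 == null)
            {
                throw new System.IO.IOException("peer certificate is not an X.509 certificate; cannot verify host " + host);
            }

            Verify(host, x509);
        }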
Esempio n. 2
            /// <exception cref="System.IO.IOException"/>
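            /// <summary>
            /// Checks the peer of <paramref name="ssl"/> against the names in
            /// <paramref name="host"/> by taking the first certificate of the session's
            /// peer chain and passing it to the <c>Check(host, x509)</c> overload.
            /// </summary>
            /// <param name="host">Host names the caller intended to reach; the array must not be null.</param>
            /// <param name="ssl">Socket whose session supplies the peer certificates; must not be null.</param>
            /// <exception cref="System.ArgumentNullException">
            /// <paramref name="host"/> or <paramref name="ssl"/> is null.
            /// </exception>
            /// <remarks>
            /// This method fails closed: if no session or no usable leaf certificate can
            /// be obtained it throws instead of returning, so a caller can never mistake
            /// "nothing to check" for "checked". Only <c>certs[0]</c> is examined here;
            /// NOTE(review): trust in the rest of the chain is presumably established
            /// during the handshake - confirm against the socket factory configuration.
            /// </remarks>
            public override void Check(string[] host, SSLSocket ssl)
            {
                if (host == null)
                {
                    // Two-argument form: the single-string constructor interprets its
                    // argument as the parameter name, not as the message.
                    throw new ArgumentNullException("host", "host to verify is null");
                }
                if (ssl == null)
                {
                    throw new ArgumentNullException("ssl", "socket to verify is null");
                }

                SSLSession session = ssl.GetSession();
                if (session == null)
                {
                    // Original authors' note: in their experience this only happens
                    // under IBM 1.4.x when spurious (unrelated) certificates show up in
                    // the server's chain. Touching the input stream is meant to surface
                    // the underlying handshake error as an exception.
                    //
                    // If that call is where you are seeing a failure, the authors
                    // suggest one of two remedies:
                    //   1. Clean up the certificate chain the server presents (e.g. edit
                    //      "/etc/apache2/server.crt" or wherever the server's chain is
                    //      defined).
                    //   2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a
                    //      non-IBM JVM.
                    ssl.GetInputStream().Available();

                    // No exception from the stream; the session may be available now.
                    session = ssl.GetSession();
                    if (session == null)
                    {
                        // Still nothing: force the handshake, which should raise the
                        // real failure if there is one, then look one last time.
                        ssl.StartHandshake();
                        session = ssl.GetSession();
                    }
                }

                if (session == null)
                {
                    // Explicit failure rather than a null dereference below.
                    throw new System.IO.IOException("no SSL session available; cannot check host names");
                }

                Certificate[] certs;
                try
                {
                    certs = session.GetPeerCertificates();
                }
                catch (SSLPeerUnverifiedException)
                {
                    // Give the stream a chance to raise a more specific error; if it
                    // does not, rethrow the original exception with its stack intact.
                    ssl.GetInputStream().Available();
                    throw;
                }

                if (certs == null || certs.Length == 0)
                {
                    throw new System.IO.IOException("peer presented no certificates; cannot check host names");
                }

                // The leaf certificate is expected first in the peer chain.
                X509Certificate x509 = certs[0] as X509Certificate;
                if (x509 == null)
                {
                    throw new System.IO.IOException("peer certificate is not an X.509 certificate; cannot check host names");
                }

                Check(host, x509);
            }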