/// <summary>
/// Validates the certificate list presented by a TLS client.
/// </summary>
/// <param name="config">Supplies <c>UserSettings</c>: the require-certificate flag, the client certificate parameters and the optional validation callback.</param>
/// <param name="certificates">Certificates sent by the client; element 0 is treated as the leaf.</param>
/// <returns>
/// <c>true</c> when a certificate was presented and accepted; <c>false</c> when none was presented
/// and <c>RequireClientCertificate</c> is not set.
/// </returns>
/// <exception cref="TlsException">
/// <c>CertificateUnknown</c> when a required certificate is missing or the final verdict is negative;
/// <c>BadCertificate</c> when the leaf's issuer is not in the configured authority list.
/// </exception>
internal static bool CheckClientCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    bool hasCertificate = certificates != null && certificates.Count > 0;
    if (!hasCertificate)
    {
        if (config.UserSettings.RequireClientCertificate)
        {
            throw new TlsException(AlertDescription.CertificateUnknown);
        }

        // NOTE(review): false means "no client certificate", not "validation failed";
        // callers presumably treat the peer as unauthenticated in this case - verify.
        return false;
    }

    var clientCert = certificates[0];

    var certChain = new MX.X509Chain();
    certChain.LoadCertificates(certificates);

    var accepted = certChain.Build(clientCert);
    var chainErrors = GetStatus(certChain.Status);

    var clientParams = config.UserSettings.ClientCertificateParameters;

    // The authority filter is a match on the leaf's issuer name only, and it is skipped
    // entirely when the configured list is empty.
    // NOTE(review): confirm that the chain build anchors to the same authorities; a name
    // match on its own does not show that one of them signed the certificate.
    if (clientParams.CertificateAuthorities.Count > 0 &&
        !clientParams.CertificateAuthorities.Contains(clientCert.IssuerName))
    {
        throw new TlsException(AlertDescription.BadCertificate);
    }

    // When a callback is configured its return value replaces the chain-build result,
    // so a callback that ignores chainErrors accepts a certificate whose chain did not build.
    if (config.UserSettings.ClientCertValidationCallback != null)
    {
        accepted = config.UserSettings.ClientCertValidationCallback(clientParams, clientCert, certChain, chainErrors);
    }

    if (accepted)
    {
        return true;
    }

    throw new TlsException(AlertDescription.CertificateUnknown);
}
/// <summary>
/// Validates the certificate list presented by the remote peer and throws when it is rejected.
/// </summary>
/// <param name="config">Supplies the optional <c>RemoteCertValidationCallback</c>.</param>
/// <param name="certificates">Certificates sent by the peer; element 0 is treated as the leaf.</param>
/// <exception cref="TlsException">
/// <c>CertificateUnknown</c> when no certificate was presented or the final verdict is negative.
/// </exception>
internal static void CheckRemoteCertificate(TlsConfiguration config, MX.X509CertificateCollection certificates)
{
    bool hasCertificate = certificates != null && certificates.Count > 0;
    if (!hasCertificate)
    {
        throw new TlsException(AlertDescription.CertificateUnknown);
    }

    var peerCert = certificates[0];

    var certChain = new MX.X509Chain();
    certChain.LoadCertificates(certificates);

    // Without a callback, the chain-build result is the only verdict.
    var accepted = certChain.Build(peerCert);
    var chainErrors = GetStatus(certChain.Status);

    // When a callback is configured its return value replaces the chain-build result,
    // so a callback that ignores chainErrors accepts a certificate whose chain did not build.
    // NOTE(review): the first callback argument is passed as null and this method does no
    // host-name / identity comparison; confirm that check happens in the callback or elsewhere.
    if (config.RemoteCertValidationCallback != null)
    {
        accepted = config.RemoteCertValidationCallback(null, peerCert, certChain, chainErrors);
    }

    if (accepted)
    {
        return;
    }

    throw new TlsException(AlertDescription.CertificateUnknown);
}