void ReplaceHandler(IChannelHandlerContext context, ServerTlsSettings serverTlsSetting)
{
Contract.Requires(serverTlsSetting != null);
var tlsHandler = new TlsHandler(this.sslStreamFactory, serverTlsSetting);
context.Channel.Pipeline.Replace(this, nameof(TlsHandler), tlsHandler);
}
private void ReplaceHandler(IChannelHandlerContext context, ServerTlsSettings serverTlsSetting)
{
if (serverTlsSetting is null)
{
ThrowHelper.ThrowArgumentNullException(ExceptionArgument.serverTlsSetting);
}
var tlsHandler = new TlsHandler(_sslStreamFactory, serverTlsSetting);
_ = context.Pipeline.Replace(this, nameof(TlsHandler), tlsHandler);
}
private static bool ClientCertificateValidation(X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors, ServerTlsSettings serverSettings)
{
if (certificate is null)
{
return(serverSettings.ClientCertificateMode != ClientCertificateMode.RequireCertificate);
}
var clientCertificateValidationFunc = serverSettings.ClientCertificateValidation;
if (clientCertificateValidationFunc is null)
{
if (sslPolicyErrors != SslPolicyErrors.None)
{
return(false);
}
}
var certificate2 = ConvertToX509Certificate2(certificate);
if (certificate2 is null)
{
return(false);
}
if (clientCertificateValidationFunc is object)
{
if (!clientCertificateValidationFunc(certificate2, chain, sslPolicyErrors))
{
return(false);
}
}
return(true);
}