protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
{
// Initialize the context with specified TLS version
sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, true, new[] { Protocols.Http2, Protocols.Http1 });
// Remove support for protocols not specified in the enabledSslProtocols
if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
{
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
}
if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
{
// no SSLv3 support
sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
}
if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
(enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
{
sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
}
// Set the Local certificate selection callback
sslContext.SetClientCertCallback(internalCertificateSelectionCallback);
// Set the enabled cipher list
sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
// Set the callbacks for remote cert verification and local cert selection
if (remoteCertificateSelectionCallback != null)
{
sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
}
// Set the CA list into the store
if (caCertificates != null)
{
var store = new X509Store(caCertificates);
sslContext.SetCertificateStore(store);
}
// Set up the read/write bio's
read_bio = BIO.MemoryBuffer(false);
write_bio = BIO.MemoryBuffer(false);
ssl = new Ssl(sslContext);
sniCb = sniExt.ClientSniCb;
sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);
ssl.SetBIO(read_bio, write_bio);
read_bio.SetClose(BIO.CloseOption.Close);
write_bio.SetClose(BIO.CloseOption.Close);
// Set the Ssl object into Client mode
ssl.SetConnectState();
}
public override void Close()
{
if (disposed)
{
return;
}
if (ssl != null)
{
ssl.Dispose();
ssl = null;
}
if (sslContext != null)
{
sslContext.Dispose();
sslContext = null;
}
base.Close();
this.Dispose();
}
internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
{
X509Certificate cert = null;
CryptoKey key = null;
Ssl ssl = new Ssl(ssl_ptr, false);
cert_ptr = IntPtr.Zero;
key_ptr = IntPtr.Zero;
int nRet = OnClientCertCallback(ssl, out cert, out key);
if (nRet != 0)
{
if (cert != null)
{
cert_ptr = cert.Handle;
}
if (key != null)
{
key_ptr = key.Handle;
}
}
return(nRet);
}
