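//
// Used only by client SSL code, never returns null.
//
// Queries the SECPKG_ATTR_ISSUER_LIST_EX attribute of the given security context on the
// secure-channel package and returns one distinguished-name string per issuer entry.
//
// The returned array is never null: it is empty when the query fails, when the list
// reports no issuers, or when no usable native buffer came back. An individual entry
// is left null when its element reported a non-positive size.
//
// May throw OverflowException from the checked size conversion. X500DistinguishedName
// presumably throws if the bytes are not a valid encoded name (TODO confirm); nothing
// here catches it.
//
internal static string[] GetRequestCertificateAuthorities(SafeDeleteContext securityContext)
{
    Interop.SspiCli.SecPkgContext_IssuerListInfoEx issuerList = default;
    bool success = SSPIWrapper.QueryContextAttributes_SECPKG_ATTR_ISSUER_LIST_EX(
        GlobalSSPI.SSPISecureChannel,
        securityContext,
        ref issuerList,
        out SafeHandle sspiHandle);

    string[] issuers = Array.Empty<string>();

    try
    {
        // The finally block already treats sspiHandle as possibly null, so check it (and its
        // validity) before taking the raw pointer instead of dereferencing it unconditionally.
        bool haveBuffer = sspiHandle != null && !sspiHandle.IsInvalid;

        if (success && haveBuffer && issuerList.cIssuers > 0)
        {
            unsafe
            {
                issuers = new string[issuerList.cIssuers];

                // NOTE(review): the element count (cIssuers) and each cbSize are taken as reported
                // by the security package; nothing in this method bounds them against the real size
                // of the native buffer. The raw pointer is valid only until sspiHandle is disposed
                // in the finally block below.
                var elements = new Span<Interop.SspiCli.CERT_CHAIN_ELEMENT>(
                    (void*)sspiHandle.DangerousGetHandle(),
                    issuers.Length);

                for (int i = 0; i < elements.Length; ++i)
                {
                    if (elements[i].cbSize <= 0)
                    {
                        NetEventSource.Fail(securityContext, $"Interop.SspiCli._CERT_CHAIN_ELEMENT size is not positive: {elements[i].cbSize}");
                    }
                    else
                    {
                        // Copy the encoded name out of native memory before decoding it; checked()
                        // rejects a size that does not fit in an int rather than truncating it.
                        byte[] encodedName = new Span<byte>(
                            (byte*)elements[i].pCertContext,
                            checked((int)elements[i].cbSize)).ToArray();

                        var x500DistinguishedName = new X500DistinguishedName(encodedName);
                        issuers[i] = x500DistinguishedName.Name;

                        if (NetEventSource.IsEnabled)
                        {
                            // Interpolated so the trace carries the decoded issuer name rather than
                            // the literal placeholder text.
                            NetEventSource.Info(securityContext, $"IssuerListEx[{issuers[i]}]");
                        }
                    }
                }
            }
        }
    }
    finally
    {
        // Release the native issuer-list buffer on every path, including exceptions.
        sspiHandle?.Dispose();
    }

    return issuers;
}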