public void do_handshake()
{
try {
// make sure the remote side hasn't shutdown before authenticating so we don't
// hang if we're in blocking mode.
#pragma warning disable 219 // unused variable
int available = _socket._socket.Available;
#pragma warning restore 219
} catch (SocketException) {
throw PythonExceptions.CreateThrowable(PythonExceptions.OSError, "socket closed before handshake");
}
EnsureSslStream(true);
var enabledSslProtocols = GetProtocolType(_protocol);
try {
if (_serverSide)
{
_sslStream.AuthenticateAsServer(_cert, _certsMode == PythonSsl.CERT_REQUIRED, enabledSslProtocols, false);
}
else
{
var collection = new X509CertificateCollection();
if (_cert != null)
{
collection.Add(_cert);
}
_sslStream.AuthenticateAsClient(_serverHostName ?? _socket._hostName, collection, enabledSslProtocols, false);
}
} catch (AuthenticationException e) {
((IDisposable)_socket._socket).Dispose();
throw PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while performing handshake: ", e.ToString());
}
if (_validationFailure != null)
{
throw _validationFailure;
}
}
private void ValidationError(object reason)
{
_validationFailure = PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while validating certificate chain: ", reason.ToString());
}
internal _SSLSocket(CodeContext context,
PythonSocket.socket sock,
bool server_side,
string keyfile = null,
string certfile = null,
int certs_mode = PythonSsl.CERT_NONE,
int protocol = (PythonSsl.PROTOCOL_SSLv23 | PythonSsl.OP_NO_SSLv2 | PythonSsl.OP_NO_SSLv3),
string cacertsfile = null,
X509Certificate2Collection certs = null)
{
if (sock == null)
{
throw PythonOps.TypeError("expected socket object, got None");
}
_serverSide = server_side;
bool validate;
_certsMode = certs_mode;
RemoteCertificateValidationCallback callback;
switch (certs_mode)
{
case PythonSsl.CERT_NONE:
validate = false;
callback = CertValidationCallback;
break;
case PythonSsl.CERT_OPTIONAL:
validate = true;
callback = CertValidationCallbackOptional;
break;
case PythonSsl.CERT_REQUIRED:
validate = true;
callback = CertValidationCallbackRequired;
break;
default:
throw new InvalidOperationException(String.Format("bad certs_mode: {0}", certs_mode));
}
_callback = callback;
if (certs != null)
{
_certCollection = certs;
}
if (certfile != null)
{
_cert = PythonSsl.ReadCertificate(context, certfile);
}
if (cacertsfile != null)
{
_certCollection = new X509Certificate2Collection(new[] { PythonSsl.ReadCertificate(context, cacertsfile) });
}
_socket = sock;
EnsureSslStream(false);
_protocol = protocol;
_validate = validate;
_context = context;
}
