public void do_handshake() { try { // make sure the remote side hasn't shutdown before authenticating so we don't // hang if we're in blocking mode. #pragma warning disable 219 // unused variable int available = _socket._socket.Available; #pragma warning restore 219 } catch (SocketException) { throw PythonExceptions.CreateThrowable(PythonExceptions.OSError, "socket closed before handshake"); } EnsureSslStream(true); var enabledSslProtocols = GetProtocolType(_protocol); try { if (_serverSide) { _sslStream.AuthenticateAsServer(_cert, _certsMode == PythonSsl.CERT_REQUIRED, enabledSslProtocols, false); } else { var collection = new X509CertificateCollection(); if (_cert != null) { collection.Add(_cert); } _sslStream.AuthenticateAsClient(_serverHostName ?? _socket._hostName, collection, enabledSslProtocols, false); } } catch (AuthenticationException e) { ((IDisposable)_socket._socket).Dispose(); throw PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while performing handshake: ", e.ToString()); } if (_validationFailure != null) { throw _validationFailure; } }
private void ValidationError(object reason) { _validationFailure = PythonExceptions.CreateThrowable(PythonSsl.SSLError(_context), "errors while validating certificate chain: ", reason.ToString()); }
internal _SSLSocket(CodeContext context, PythonSocket.socket sock, bool server_side, string keyfile = null, string certfile = null, int certs_mode = PythonSsl.CERT_NONE, int protocol = (PythonSsl.PROTOCOL_SSLv23 | PythonSsl.OP_NO_SSLv2 | PythonSsl.OP_NO_SSLv3), string cacertsfile = null, X509Certificate2Collection certs = null) { if (sock == null) { throw PythonOps.TypeError("expected socket object, got None"); } _serverSide = server_side; bool validate; _certsMode = certs_mode; RemoteCertificateValidationCallback callback; switch (certs_mode) { case PythonSsl.CERT_NONE: validate = false; callback = CertValidationCallback; break; case PythonSsl.CERT_OPTIONAL: validate = true; callback = CertValidationCallbackOptional; break; case PythonSsl.CERT_REQUIRED: validate = true; callback = CertValidationCallbackRequired; break; default: throw new InvalidOperationException(String.Format("bad certs_mode: {0}", certs_mode)); } _callback = callback; if (certs != null) { _certCollection = certs; } if (certfile != null) { _cert = PythonSsl.ReadCertificate(context, certfile); } if (cacertsfile != null) { _certCollection = new X509Certificate2Collection(new[] { PythonSsl.ReadCertificate(context, cacertsfile) }); } _socket = sock; EnsureSslStream(false); _protocol = protocol; _validate = validate; _context = context; }