bool InvokeSystemValidator(string targetHost, bool serverMode, X509CertificateCollection certificates, X509Chain chain, ref MonoSslPolicyErrors xerrors, ref int status11) { var errors = (SslPolicyErrors)xerrors; var result = SystemCertificateValidator.Evaluate(settings, targetHost, certificates, chain, ref errors, ref status11); xerrors = (MonoSslPolicyErrors)errors; return(result); }
public override bool ValidateCertificate(ChainValidationHelper validator, string targetHost, bool serverMode, X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain, ref SslPolicyErrors errors, ref int status11) { if (wantsChain) { chain = SystemCertificateValidator.CreateX509Chain(certificates); } var result = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain, ref errors, ref status11); return(result); }
internal override bool ValidateCertificate( MSI.ICertificateValidator2 validator, string targetHost, bool serverMode, X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain, ref MSI.MonoSslPolicyErrors errors, ref int status11) { if (wantsChain) { chain = SystemCertificateValidator.CreateX509Chain(certificates); } var xerrors = (SslPolicyErrors)errors; var result = SystemCertificateValidator.Evaluate(validator.Settings, targetHost, certificates, chain, ref xerrors, ref status11); errors = (MSI.MonoSslPolicyErrors)xerrors; return(result); }
ValidationResult ValidateChain(string host, bool server, X509Certificate leaf, ref X509Chain chain, X509CertificateCollection certs, SslPolicyErrors errors) { // user_denied is true if the user callback is called and returns false bool user_denied = false; bool result = false; var hasCallback = certValidationCallback != null || callbackWrapper != null; if (tlsStream != null) { request.ServicePoint.UpdateServerCertificate(leaf); } if (leaf == null) { errors |= SslPolicyErrors.RemoteCertificateNotAvailable; if (hasCallback) { if (callbackWrapper != null) { result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors); } else { result = certValidationCallback.Invoke(sender, leaf, null, errors); } user_denied = !result; } return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors)); } // Ignore port number when validating certificates. if (!string.IsNullOrEmpty(host)) { var pos = host.IndexOf(':'); if (pos > 0) { host = host.Substring(0, pos); } } ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy(); int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback bool wantsChain = SystemCertificateValidator.NeedsChain(settings); if (!wantsChain && hasCallback) { if (settings == null || settings.CallbackNeedsCertificateChain) { wantsChain = true; } } var xerrors = (MonoSslPolicyErrors)errors; result = provider.ValidateCertificate(this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11); errors = (SslPolicyErrors)xerrors; if (status11 == 0 && errors != 0) { // TRUST_E_FAIL status11 = unchecked ((int)0x800B010B); } if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null)) { ServicePoint sp = null; if (request != null) { sp = request.ServicePointNoLock; } // pre 2.0 callback result = policy.CheckValidationResult(sp, leaf, request, status11); user_denied = !result && !(policy is DefaultCertificatePolicy); } // If there's a 2.0 callback, it takes precedence if (hasCallback) { if (callbackWrapper != null) { result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors); } else { result = certValidationCallback.Invoke(sender, leaf, chain, errors); } user_denied = !result; } return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors)); }
ValidationResult ValidateChain(string host, bool server, XX509CertificateCollection certs, SslPolicyErrors errors) { // user_denied is true if the user callback is called and returns false bool user_denied = false; bool result = false; var hasCallback = certValidationCallback != null || callbackWrapper != null; X509Certificate leaf; if (certs == null || certs.Count == 0) { leaf = null; } else { leaf = certs [0]; } if (tlsStream != null) { request.ServicePoint.SetServerCertificate(leaf); } if (leaf == null) { errors |= SslPolicyErrors.RemoteCertificateNotAvailable; if (hasCallback) { if (callbackWrapper != null) { result = callbackWrapper.Invoke(certValidationCallback, leaf, null, (MonoSslPolicyErrors)errors); } else { result = certValidationCallback.Invoke(sender, leaf, null, errors); } user_denied = !result; } return(new ValidationResult(result, user_denied, 0, (MonoSslPolicyErrors)errors)); } ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy(); int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback X509Chain chain = null; bool wantsChain = SystemCertificateValidator.NeedsChain(settings); if (!wantsChain && hasCallback) { if (settings == null || settings.CallbackNeedsCertificateChain) { wantsChain = true; } } if (wantsChain) { chain = SystemCertificateValidator.CreateX509Chain(certs); } if (wantsChain || SystemCertificateValidator.NeedsChain(settings)) { SystemCertificateValidator.BuildX509Chain(certs, chain, ref errors, ref status11); } bool providerValidated = false; if (provider != null && provider.HasCustomSystemCertificateValidator) { var xerrors = (MonoSslPolicyErrors)errors; var xchain = (XX509Chain)(object)chain; providerValidated = provider.InvokeSystemCertificateValidator(this, host, server, certs, xchain, out result, ref xerrors, ref status11); errors = (SslPolicyErrors)xerrors; } if (!providerValidated) { result = SystemCertificateValidator.Evaluate(settings, host, certs, chain, ref errors, ref status11); } if (policy != null && (!(policy is DefaultCertificatePolicy) || certValidationCallback == null)) { ServicePoint sp = null; if (request != null) { sp = request.ServicePointNoLock; } if (status11 == 0 && errors != 0) { // TRUST_E_FAIL status11 = unchecked ((int)0x800B010B); } // pre 2.0 callback result = policy.CheckValidationResult(sp, leaf, request, status11); user_denied = !result && !(policy is DefaultCertificatePolicy); } // If there's a 2.0 callback, it takes precedence if (hasCallback) { if (callbackWrapper != null) { result = callbackWrapper.Invoke(certValidationCallback, leaf, chain, (MonoSslPolicyErrors)errors); } else { result = certValidationCallback.Invoke(sender, leaf, chain, errors); } user_denied = !result; } return(new ValidationResult(result, user_denied, status11, (MonoSslPolicyErrors)errors)); }