예제 #1
0
        protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
        {
            // Initialize the context with specified TLS version
            sslContext = new SslContext(SslMethod.TLSv12_client_method, ConnectionEnd.Client, true, new[] { Protocols.Http2, Protocols.Http1 });

            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            // Set the Local certificate selection callback
            sslContext.SetClientCertCallback(internalCertificateSelectionCallback);
            // Set the enabled cipher list
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the callbacks for remote cert verification and local cert selection
            if (remoteCertificateSelectionCallback != null)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            // Set the CA list into the store
            if (caCertificates != null)
            {
                var store = new X509Store(caCertificates);
                sslContext.SetCertificateStore(store);
            }
            // Set up the read/write bio's
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl       = new Ssl(sslContext);

            sniCb = sniExt.ClientSniCb;
            sniExt.AttachSniExtensionClient(ssl.Handle, sslContext.Handle, sniCb);

            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into Client mode
            ssl.SetConnectState();
        }
예제 #2
0
        public override void Close()
        {
            if (disposed)
            {
                return;
            }

            if (ssl != null)
            {
                ssl.Dispose();
                ssl = null;
            }
            if (sslContext != null)
            {
                sslContext.Dispose();
                sslContext = null;
            }

            base.Close();
            this.Dispose();
        }
예제 #3
0
            internal int OnClientCertThunk(IntPtr ssl_ptr, out IntPtr cert_ptr, out IntPtr key_ptr)
            {
                X509Certificate cert = null;
                CryptoKey       key  = null;
                Ssl             ssl  = new Ssl(ssl_ptr, false);

                cert_ptr = IntPtr.Zero;
                key_ptr  = IntPtr.Zero;

                int nRet = OnClientCertCallback(ssl, out cert, out key);

                if (nRet != 0)
                {
                    if (cert != null)
                    {
                        cert_ptr = cert.Handle;
                    }
                    if (key != null)
                    {
                        key_ptr = key.Handle;
                    }
                }
                return(nRet);
            }