Exemplo n.º 1
0
        public SslStreamServer(
            Stream stream,
            bool ownStream,
            X509Certificate serverCertificate,
            bool clientCertificateRequired,
            X509Chain caCerts,
            SslProtocols enabledSslProtocols,
            SslStrength sslStrength,
            bool checkCertificateRevocation,
            RemoteCertificateValidationHandler remote_callback)
            : base(stream, ownStream)
        {
            this.checkCertificateRevocationStatus   = checkCertificateRevocation;
            this.remoteCertificateSelectionCallback = remote_callback;

            // Initialize the SslContext object
            InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);

            // Initalize the Ssl object
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
Exemplo n.º 2
0
        protected void InitializeClientContextUsingPsk(string pskCiphers)
        {
            // Initialize the context with the specified ssl version
            //sslContext = new SslContext(SslMethod.SSLv23_client_method);
            sslContext = new SslContext(SslMethod.TLSv1_client_method);
            //sslContext = new SslContext(SslMethod.SSLv3_client_method);

            // Remove support for protocols that should not be supported
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;

            // Set the enabled cipher list
            // WARNING: Using PSK ciphers requires that the PSK callback be set and initialize the identity and psk value.
            // Failure to do this will cause the PSK ciphers to be skipped when picking a shared cipher.
            // The result will be an error because of "no shared ciphers".
//            sslContext.SetCipherList("PSK-AES256-CBC-SHA:PSK-3DES-EDE-CBC-SHA:PSK-AES128-CBC-SHA:PSK-RC4-SHA");
            sslContext.SetCipherList(pskCiphers);

            // Set the PSK callbacks
            sslContext.SetPskClientCallback(this.internalPskClientCallback);

            // Set up the read/write bio's
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl       = new Ssl(sslContext);
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            ssl.SetConnectState();
        }
Exemplo n.º 3
0
        public SslStreamServer(
            Stream stream,
            bool ownStream,
            string pskCiphers,
            byte[] pskPsk)
            : base(stream, ownStream)
        {
            this.pskCiphers = pskCiphers;
            this.pskPsk     = pskPsk;

            this.internalPskServerCallback = new PskServerCallbackHandler(InternalPskServerCallback);

            // Initialize the SslContext object
            InitializeServerContextUsingPsk(this.pskCiphers);

            // Initalize the Ssl object
            ssl = new Ssl(sslContext);
            // Initialze the read/write bio
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            // Set the read/write bio's into the the Ssl object
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into server mode
            ssl.SetAcceptState();
        }
Exemplo n.º 4
0
        protected void InitializeClientContext(X509List certificates, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation)
        {
            // Initialize the context with the specified ssl version
            // Initialize the context
            sslContext = new SslContext(SslMethod.SSLv23_client_method);

            // Remove support for protocols not specified in the enabledSslProtocols
            if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2;
            }
            if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 &&
                ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default))
            {
                // no SSLv3 support
                sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3;
            }
            if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls &&
                (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)
            {
                sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1;
            }

            // Set the Local certificate selection callback
            sslContext.SetClientCertCallback(this.internalCertificateSelectionCallback);
            // Set the enabled cipher list
            sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength));
            // Set the callbacks for remote cert verification and local cert selection
            if (remoteCertificateSelectionCallback != null)
            {
                sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback);
            }
            // Set the CA list into the store
            if (caCertificates != null)
            {
                X509Store store = new X509Store(caCertificates);
                sslContext.SetCertificateStore(store);
            }
            // Set up the read/write bio's
            read_bio  = BIO.MemoryBuffer(false);
            write_bio = BIO.MemoryBuffer(false);
            ssl       = new Ssl(sslContext);
            ssl.SetBIO(read_bio, write_bio);
            read_bio.SetClose(BIO.CloseOption.Close);
            write_bio.SetClose(BIO.CloseOption.Close);
            // Set the Ssl object into Client mode
            ssl.SetConnectState();
        }