/// <summary>
/// Builds the server side of an SSL stream: initializes the SslContext, creates the Ssl
/// object, attaches the server SNI callback, wires a pair of memory BIOs into the Ssl
/// object and switches it into accept (server) state.
/// </summary>
/// <param name="stream">Underlying transport stream, forwarded to the base constructor.</param>
/// <param name="ownStream">Forwarded unchanged to the base constructor.</param>
/// <param name="serverCertificate">Certificate handed to InitializeServerContext.</param>
/// <param name="clientCertificateRequired">Handed to InitializeServerContext; presumably makes the server request a client certificate - confirm there.</param>
/// <param name="caCerts">CA chain handed to InitializeServerContext.</param>
/// <param name="enabledSslProtocols">Protocol selection handed to InitializeServerContext.</param>
/// <param name="sslStrength">Cipher strength selection handed to InitializeServerContext.</param>
/// <param name="checkCertificateRevocation">Stored in checkCertificateRevocationStatus and handed to InitializeServerContext.</param>
/// <param name="remote_callback">Handler for validating the remote (client) certificate; stored as-is, not null-checked here.</param>
public SslStreamServer(
    Stream stream,
    bool ownStream,
    X509Certificate serverCertificate,
    bool clientCertificateRequired,
    X509Chain caCerts,
    SslProtocols enabledSslProtocols,
    SslStrength sslStrength,
    bool checkCertificateRevocation,
    RemoteCertificateValidationHandler remote_callback)
    : base(stream, ownStream)
{
    checkCertificateRevocationStatus = checkCertificateRevocation;
    // NOTE(review): the field is named "...SelectionCallback" but holds the remote
    // certificate *validation* handler.
    remoteCertificateSelectionCallback = remote_callback;

    // Initialize the SslContext object.
    // NOTE(review): this constructor validates none of its arguments; whether a null
    // remote_callback combined with clientCertificateRequired == false leaves clients
    // unauthenticated is decided inside InitializeServerContext - confirm there.
    InitializeServerContext(serverCertificate, clientCertificateRequired, caCerts, enabledSslProtocols, sslStrength, checkCertificateRevocation);

    // Initialize the Ssl object
    ssl = new Ssl(sslContext);

    // The SNI delegate is kept in a field before being handed to native code; presumably
    // so it stays reachable for as long as OpenSSL may invoke it - confirm.
    sniCb = sniExt.ServerSniCb;
    sniExt.AttachSniExtensionServer(ssl.Handle, sslContext.Handle, sniCb);

    // Initialize the read/write bio
    read_bio = BIO.MemoryBuffer(false);
    write_bio = BIO.MemoryBuffer(false);

    // Set the read/write bios into the Ssl object
    ssl.SetBIO(read_bio, write_bio);
    read_bio.SetClose(BIO.CloseOption.Close);
    write_bio.SetClose(BIO.CloseOption.Close);

    // Set the Ssl object into server mode
    ssl.SetAcceptState();
}
/// <summary>
/// Builds the server side of an SSL stream: initializes the SslContext, creates the Ssl
/// object, wires a pair of memory BIOs into it and switches it into accept (server) state.
/// </summary>
/// <param name="stream">Underlying transport stream, forwarded to the base constructor.</param>
/// <param name="ownStream">Forwarded unchanged to the base constructor.</param>
/// <param name="serverCertificate">Certificate handed to InitializeServerContext.</param>
/// <param name="clientCertificateRequired">Handed to InitializeServerContext; presumably makes the server request a client certificate - confirm there.</param>
/// <param name="caCerts">CA chain handed to InitializeServerContext.</param>
/// <param name="enabledSslProtocols">Protocol selection handed to InitializeServerContext.</param>
/// <param name="sslStrength">Cipher strength selection handed to InitializeServerContext.</param>
/// <param name="checkCertificateRevocation">Stored in checkCertificateRevocationStatus and handed to InitializeServerContext.</param>
/// <param name="remote_callback">Handler for validating the remote (client) certificate; stored as-is, not null-checked here.</param>
public SslStreamServer(
    Stream stream,
    bool ownStream,
    X509Certificate serverCertificate,
    bool clientCertificateRequired,
    X509Chain caCerts,
    SslProtocols enabledSslProtocols,
    SslStrength sslStrength,
    bool checkCertificateRevocation,
    RemoteCertificateValidationHandler remote_callback)
    : base(stream, ownStream)
{
    // Remember the revocation setting and the peer-certificate validation handler.
    // NOTE(review): the handler field is named "...SelectionCallback" although it holds
    // a validation handler.
    checkCertificateRevocationStatus = checkCertificateRevocation;
    remoteCertificateSelectionCallback = remote_callback;

    // Context first: certificate, client-auth requirement, CA chain, protocols, ciphers.
    // NOTE(review): none of the arguments are validated in this constructor; any
    // rejection of weak or missing settings has to happen in InitializeServerContext.
    InitializeServerContext(
        serverCertificate,
        clientCertificateRequired,
        caCerts,
        enabledSslProtocols,
        sslStrength,
        checkCertificateRevocation);

    ssl = new Ssl(sslContext);

    // Memory BIO pair that the Ssl object reads from and writes to.
    read_bio = BIO.MemoryBuffer(false);
    write_bio = BIO.MemoryBuffer(false);
    ssl.SetBIO(read_bio, write_bio);
    read_bio.SetClose(BIO.CloseOption.Close);
    write_bio.SetClose(BIO.CloseOption.Close);

    // Server role: wait for the client's handshake.
    ssl.SetAcceptState();
}
/// <summary>
/// Creates the async server test fixture and prepares the certificate callback delegates.
/// </summary>
/// <param name="testServer">Test server instance kept in the testServer field.</param>
public AsyncServerTests(TestServer testServer)
{
    // Certificate callbacks are only used by the Advanced test. The client-side and
    // server-side validation delegates both wrap the same ValidateRemoteCert method.
    serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
    clientLocalCertificateSelectionCallback = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);
    clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);

    this.testServer = testServer;
}
/// <summary>
/// Create an SslStream based on an existing stream, with a remote certificate
/// validation handler and no local certificate selection handler.
/// </summary>
/// <param name="stream">Existing stream to wrap; forwarded to the four-argument overload.</param>
/// <param name="leaveInnerStreamOpen">Forwarded unchanged to the four-argument overload.</param>
/// <param name="remote_callback">Handler used to validate the remote certificate; forwarded as-is and not null-checked here.</param>
public SslStream(
    Stream stream,
    bool leaveInnerStreamOpen,
    RemoteCertificateValidationHandler remote_callback)
    : this(stream, leaveInnerStreamOpen, remote_callback, null)
{
}
/// <summary>
/// Create an SslStream based on an existing stream, with both certificate callbacks.
/// </summary>
/// <param name="stream">Existing stream to wrap; forwarded to the base constructor.</param>
/// <param name="leaveInnerStreamOpen">Forwarded unchanged to the base constructor.</param>
/// <param name="remote_callback">Handler used to validate the remote certificate; stored as-is.</param>
/// <param name="local_callback">Handler used to select the local certificate; stored as-is.</param>
/// <remarks>
/// Neither handler is null-checked here. What the stream does when the validation handler
/// is null is decided where remoteCertificateValidationCallback is consumed - confirm there.
/// </remarks>
public SslStream(
    Stream stream,
    bool leaveInnerStreamOpen,
    RemoteCertificateValidationHandler remote_callback,
    LocalCertificateSelectionHandler local_callback)
    : base(stream, leaveInnerStreamOpen)
{
    this.localCertificateSelectionCallback = local_callback;
    this.remoteCertificateValidationCallback = remote_callback;
}
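/// <summary>
/// Client half of the "advanced" test: connects to localhost:9000, authenticates as a
/// client with a certificate list and CA chain, then verifies mutual authentication,
/// protocol, cipher strength and cipher algorithm before running the read/write exchange.
/// Every failed check reports to the console, calls Shutdown(false) and ends the test.
/// </summary>
public void AdvancedClientTest()
{
    // Initialize delegates for certificate callbacks
    clientRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);
    clientLocalCertificateSelectionCallback = new LocalCertificateSelectionHandler(clientCertificateSelectionCallback);

    try
    {
        testName = "AdvancedClientTest";
        client = new TcpClient("localhost", 9000);

        // Create the SslStream object with the certificate callbacks
        sslStream = new SslStream(client.GetStream(), false, clientRemoteCertificateValidationCallback, clientLocalCertificateSelectionCallback);

        // Initialize with client certificate list, and client CA chain.
        // NOTE(review): if SslProtocols.Tls denotes TLS 1.0 here (as it does in
        // System.Security.Authentication), this test pins a deprecated protocol version.
        // The trailing `true` presumably enables the revocation check - confirm against
        // AuthenticateAsClient.
        sslStream.AuthenticateAsClient("localhost", testServer.clientCertificateList, testServer.clientCAChain, SslProtocols.Tls, SslStrength.Medium | SslStrength.High, true);

        // Verify mutual authentication
        if (!sslStream.IsMutuallyAuthenticated)
        {
            Console.WriteLine("{0} failed - Stream is not mutally authenticated", testName);
            Shutdown(false);
            // Stop here: without the return the remaining checks and a second Shutdown
            // would still run after the failure was already reported.
            return;
        }

        // Verify protocol
        if (sslStream.SslProtocol != SslProtocols.Tls)
        {
            Console.WriteLine("{0} failed - negotiated a non Tls connection", testName);
            Shutdown(false);
            return;
        }

        // Verify cipher strength
        if (sslStream.CipherStrength < 256)
        {
            Console.WriteLine("{0} failed - negotiated less that 256bit cipher", testName);
            Console.WriteLine("Cipher={0}\nCipherStrength = {1}", sslStream.CipherAlgorithm.ToString(), sslStream.CipherStrength);
            Shutdown(false);
            return;
        }

        // Verify cipher
        if (sslStream.CipherAlgorithm != CipherAlgorithmType.Aes256)
        {
            Console.WriteLine("{0} failed - negotiatied cipher wasn't Aes256", testName);
            // {1} is the expected value; the original format string printed {0} twice,
            // so the expected cipher never appeared in the failure output.
            Console.WriteLine("Cipher was {0}, expected {1}", sslStream.CipherAlgorithm.ToString(), CipherAlgorithmType.Aes256.ToString());
            Shutdown(false);
            return;
        }

        if (DoClientReadWrite())
        {
            Shutdown(true);
        }
        else
        {
            Shutdown(false);
        }
    }
    catch (Exception ex)
    {
        Shutdown(false);
        Console.WriteLine(ex);
    }
}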
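/// <summary>
/// Server half of the "advanced" test: accepts a connection, authenticates as a server
/// with a required client certificate, then verifies mutual authentication, protocol and
/// cipher strength before running the read/write exchange. Every failed check reports to
/// the console, calls Shutdown(false) and ends the test.
/// </summary>
public void AdvancedServerTest()
{
    serverRemoteCertificateValidationCallback = new RemoteCertificateValidationHandler(ValidateRemoteCert);

    try
    {
        testName = "AdvancedServerTest";
        AcceptConnection(); // sets the client member

        sslStream = new SslStream(client.GetStream(), false, serverRemoteCertificateValidationCallback);

        // The server enables SslStrength.All and only afterwards checks the negotiated
        // strength, so the 256-bit outcome is asserted below rather than enforced by the
        // server's own configuration.
        // NOTE(review): if SslProtocols.Tls denotes TLS 1.0 here (as it does in
        // System.Security.Authentication), this test pins a deprecated protocol version.
        sslStream.AuthenticateAsServer(testServer.serverCertificate, true, testServer.serverCAChain, SslProtocols.Tls, SslStrength.All, true);

        // Verify mutual authentication
        if (!sslStream.IsMutuallyAuthenticated)
        {
            Console.WriteLine("{0} failed - stream is not mutually authenticated", testName);
            Shutdown(false);
            return;
        }

        // Verify protocol
        if (sslStream.SslProtocol != SslProtocols.Tls)
        {
            Console.WriteLine("{0} failed - negotiated non Tls connection", testName);
            Shutdown(false);
            return;
        }

        // Verify cipher strength
        if (sslStream.CipherStrength < 256)
        {
            Console.WriteLine("{0} failed - negotiated less than 256bit cipher", testName);
            Shutdown(false);
            return;
        }

        // Do the server read, and write of the messages
        if (DoServerReadWrite())
        {
            Shutdown(true);
        }
        else
        {
            Shutdown(false);
        }
    }
    catch (Exception ex)
    {
        Shutdown(false);
        // Report the failure cause, as AdvancedClientTest does; a handshake or
        // certificate-validation error would otherwise be swallowed without a trace.
        Console.WriteLine(ex);
    }
}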
/// <summary>
/// Builds the client side of an SSL stream: records the connection parameters and the
/// certificate callbacks, then initializes the client SslContext.
/// </summary>
/// <param name="stream">Underlying transport stream, forwarded to the base constructor.</param>
/// <param name="ownStream">Forwarded unchanged to the base constructor.</param>
/// <param name="targetHost">Host name stored in the targetHost field.</param>
/// <param name="clientCertificates">Client certificate list; stored and handed to InitializeClientContext.</param>
/// <param name="caCertificates">CA chain; only stored by this constructor, not passed to InitializeClientContext.</param>
/// <param name="enabledSslProtocols">Protocol selection handed to InitializeClientContext.</param>
/// <param name="sslStrength">Cipher strength selection handed to InitializeClientContext.</param>
/// <param name="checkCertificateRevocationStatus">Stored and handed to InitializeClientContext.</param>
/// <param name="remoteCallback">Handler for validating the remote (server) certificate; stored as-is, not null-checked here.</param>
/// <param name="localCallback">Handler for selecting the local (client) certificate; stored as-is.</param>
public SslStreamClient(
    Stream stream,
    bool ownStream,
    string targetHost,
    X509List clientCertificates,
    X509Chain caCertificates,
    SslProtocols enabledSslProtocols,
    SslStrength sslStrength,
    bool checkCertificateRevocationStatus,
    RemoteCertificateValidationHandler remoteCallback,
    LocalCertificateSelectionHandler localCallback)
    : base(stream, ownStream)
{
    // Caller-supplied certificate callbacks.
    // NOTE(review): the remote handler field is named "...SelectionCallback" although it
    // holds a validation handler.
    remoteCertificateSelectionCallback = remoteCallback;
    localCertificateSelectionCallback = localCallback;

    // Connection parameters; `this.` is required because the parameters shadow the fields.
    this.targetHost = targetHost;
    this.caCertificates = caCertificates;
    this.clientCertificates = clientCertificates;
    this.checkCertificateRevocationStatus = checkCertificateRevocationStatus;

    // Internal selection delegate is created before the context is initialized.
    internalCertificateSelectionCallback = new ClientCertCallbackHandler(InternalClientCertificateSelectionCallback);

    InitializeClientContext(clientCertificates, enabledSslProtocols, sslStrength, checkCertificateRevocationStatus);
}
/// <summary>
/// Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
/// </summary>
/// <param name="mode">Verification mode; cast to int and passed to the native call.</param>
/// <param name="callback">Managed validation handler, wrapped in a new VerifyCertCallbackThunk.</param>
/// <remarks>
/// In OpenSSL the verify callback's return value decides whether the handshake continues,
/// so a handler that accepts unconditionally turns peer authentication off. How the thunk
/// maps the handler's result to that return value is not visible in this method.
/// </remarks>
public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
{
    // The thunk is stored in a field rather than a local; presumably so the delegate
    // handed to native code stays reachable - confirm.
    // NOTE(review): a thunk is installed even when callback is null; verify that the
    // thunk tolerates a null handler.
    _verifyCertCallbackThunk = new VerifyCertCallbackThunk(callback);

    Native.SSL_CTX_set_verify(
        ptr,
        (int)mode,
        _verifyCertCallbackThunk.Callback);
}
/// <summary>
/// Creates a thunk around a managed certificate-validation handler by storing it in
/// OnVerifyCert.
/// </summary>
/// <param name="callback">Handler to store; not null-checked here.</param>
public VerifyCertCallbackThunk(RemoteCertificateValidationHandler callback)
{
    OnVerifyCert = callback;
}
/// <summary>
/// Sets the certificate verification mode and callback - calls SSL_CTX_set_verify.
/// </summary>
/// <param name="mode">Verification mode; cast to int and passed to the native call.</param>
/// <param name="callback">Managed validation handler stored in OnVerifyCert; may be null.</param>
/// <remarks>
/// With a null <paramref name="callback"/> the native call receives null instead of the
/// thunk, so no managed handler is installed; in OpenSSL that leaves the accept/reject
/// decision to the library's built-in chain verification under the given mode.
/// </remarks>
public void SetVerify(VerifyMode mode, RemoteCertificateValidationHandler callback)
{
    this.OnVerifyCert = callback;

    // Only hand the pre-built thunk pointer to OpenSSL when there is a handler to call.
    Native.SSL_CTX_set_verify(
        this.ptr,
        (int)mode,
        callback != null ? _ptrOnVerifyCertThunk : null);
}
/// <summary>
/// Create an SslStream based on an existing stream, with no certificate callbacks.
/// </summary>
/// <param name="stream">Existing stream to wrap; forwarded to the base constructor.</param>
/// <param name="leaveInnerStreamOpen">Forwarded unchanged to the base constructor.</param>
/// <remarks>
/// Both callback fields are set to null. Whether the remote certificate is still checked
/// without an application handler is decided where the callback is consumed - confirm
/// before using this overload against untrusted peers.
/// </remarks>
public SslStream(Stream stream, bool leaveInnerStreamOpen)
    : base(stream, leaveInnerStreamOpen)
{
    this.localCertificateSelectionCallback = null;
    this.remoteCertificateValidationCallback = null;
}