public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer) { IntPtr memMethod = libcrypto.BIO_s_mem(); SafeBioHandle readBio = libcrypto.BIO_new(memMethod); if (readBio.IsInvalid) { return new SafeSslHandle(); } SafeBioHandle writeBio = libcrypto.BIO_new(memMethod); if (writeBio.IsInvalid) { readBio.Dispose(); return new SafeSslHandle(); } SafeSslHandle handle = SSL_new(context); if (handle.IsInvalid) { readBio.Dispose(); writeBio.Dispose(); return handle; } handle._isServer = isServer; // After SSL_set_bio, the BIO handles are owned by SSL pointer // and are automatically freed by SSL_free. To prevent a double // free, we need to keep the ref counts bumped up till SSL_free bool gotRef = false; readBio.DangerousAddRef(ref gotRef); try { bool ignore = false; writeBio.DangerousAddRef(ref ignore); } catch { if (gotRef) { readBio.DangerousRelease(); } throw; } SSL_set_bio(handle, readBio, writeBio); handle._readBio = readBio; handle._writeBio = writeBio; if (isServer) { SSL_set_accept_state(handle); } else { SSL_set_connect_state(handle); } return handle; }
private static CURLcode SetSslCtxVerifyCallback( IntPtr curl, IntPtr sslCtx) { using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false)) { Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, IntPtr.Zero); } return CURLcode.CURLE_OK; }
private static int SetSslCtxVerifyCallback( IntPtr curl, IntPtr sslCtx, IntPtr userPtr) { using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false)) { Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, userPtr); } return Interop.libcurl.CURLcode.CURLE_OK; }
private static CURLcode SetSslCtxVerifyCallback( IntPtr curl, IntPtr sslCtx, IntPtr userPointer) { using (SafeSslContextHandle ctx = new SafeSslContextHandle(sslCtx, ownsHandle: false)) { Interop.Ssl.SslCtxSetCertVerifyCallback(ctx, s_sslVerifyCallback, curl); if (userPointer == IntPtr.Zero) { VerboseTrace("Not using client Certificate callback "); } else { ClientCertificateProvider provider = null; try { GCHandle handle = GCHandle.FromIntPtr(userPointer); provider = (ClientCertificateProvider)handle.Target; } catch (InvalidCastException) { Debug.Fail("ClientCertificateProvider wasn't the GCHandle's Target"); return CURLcode.CURLE_ABORTED_BY_CALLBACK; } catch (InvalidOperationException) { Debug.Fail("Invalid GCHandle in CurlSslCallback"); return CURLcode.CURLE_ABORTED_BY_CALLBACK; } Debug.Assert(provider != null, "Expected non-null sslCallback in curlCallBack"); Interop.Ssl.SslCtxSetClientCertCallback(ctx, provider._callback); } } return CURLcode.CURLE_OK; }
internal static extern void SslCtxSetQuietShutdown(SafeSslContextHandle ctx);
internal static extern int SslCtxCheckPrivateKey(SafeSslContextHandle ctx);
internal static extern int SslCtxUsePrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);
internal static extern void SslCtxSetCertVerifyCallback(SafeSslContextHandle ctx, AppVerifyCallback cb, IntPtr arg);
public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer) { SafeBioHandle readBio = Interop.Crypto.CreateMemoryBio(); if (readBio.IsInvalid) { return(new SafeSslHandle()); } SafeBioHandle writeBio = Interop.Crypto.CreateMemoryBio(); if (writeBio.IsInvalid) { readBio.Dispose(); return(new SafeSslHandle()); } SafeSslHandle handle = Interop.Ssl.SslCreate(context); if (handle.IsInvalid) { readBio.Dispose(); writeBio.Dispose(); return(handle); } handle._isServer = isServer; // After SSL_set_bio, the BIO handles are owned by SSL pointer // and are automatically freed by SSL_free. To prevent a double // free, we need to keep the ref counts bumped up till SSL_free bool gotRef = false; readBio.DangerousAddRef(ref gotRef); try { bool ignore = false; writeBio.DangerousAddRef(ref ignore); } catch { if (gotRef) { readBio.DangerousRelease(); } throw; } Interop.Ssl.SslSetBio(handle, readBio, writeBio); handle._readBio = readBio; handle._writeBio = writeBio; if (isServer) { Interop.Ssl.SslSetAcceptState(handle); } else { Interop.Ssl.SslSetConnectState(handle); } return(handle); }
internal static extern long SSL_CTX_ctrl(SafeSslContextHandle ctx, int cmd, long larg, IntPtr parg);
internal static extern void SslCtxSetClientCAList(SafeSslContextHandle ctx, SafeX509NameStackHandle x509NameStackPtr);
internal static extern int SSL_CTX_check_private_key(SafeSslContextHandle ctx);
internal static extern void SSL_CTX_set_quiet_shutdown(SafeSslContextHandle ctx, int mode);
internal static extern void SSL_CTX_set_verify(SafeSslContextHandle ctx, int mode, [MarshalAs(UnmanagedType.FunctionPtr)] verify_callback callback);
internal static extern void SSL_CTX_set_client_CA_list(SafeSslContextHandle ctx, SafeX509NameStackHandle x509NameStackPtr);
internal static extern int SSL_CTX_set_cipher_list(SafeSslContextHandle ctx, string policy);
internal static extern void SslCtxSetVerify(SafeSslContextHandle ctx, SslCtxSetVerifyCallback callback);
internal static extern SafeSslHandle SSL_new(SafeSslContextHandle ctx);
internal static extern void SetEncryptionPolicy(SafeSslContextHandle ctx, EncryptionPolicy policy);
public static SafeSslHandle Create(SafeSslContextHandle context, bool isServer) { SafeBioHandle readBio = Interop.Crypto.CreateMemoryBio(); SafeBioHandle writeBio = Interop.Crypto.CreateMemoryBio(); SafeSslHandle handle = Interop.Ssl.SslCreate(context); if (readBio.IsInvalid || writeBio.IsInvalid || handle.IsInvalid) { readBio.Dispose(); writeBio.Dispose(); handle.Dispose(); // will make IsInvalid==true if it's not already return handle; } handle._isServer = isServer; // SslSetBio will transfer ownership of the BIO handles to the SSL context try { readBio.TransferOwnershipToParent(handle); writeBio.TransferOwnershipToParent(handle); handle._readBio = readBio; handle._writeBio = writeBio; Interop.Ssl.SslSetBio(handle, readBio, writeBio); } catch (Exception exc) { // The only way this should be able to happen without thread aborts is if we hit OOMs while // manipulating the safe handles, in which case we may leak the bio handles. Debug.Fail("Unexpected exception while transferring SafeBioHandle ownership to SafeSslHandle", exc.ToString()); throw; } if (isServer) { Interop.Ssl.SslSetAcceptState(handle); } else { Interop.Ssl.SslSetConnectState(handle); } return handle; }
internal static extern void SetProtocolOptions(SafeSslContextHandle ctx, SslProtocols protocols);
private static void UpdateCAListFromRootStore(SafeSslContextHandle context) { using (SafeX509NameStackHandle nameStack = Crypto.NewX509NameStack()) { //maintaining the HashSet of Certificate's issuer name to keep track of duplicates HashSet<string> issuerNameHashSet = new HashSet<string>(); //Enumerate Certificates from LocalMachine and CurrentUser root store AddX509Names(nameStack, StoreLocation.LocalMachine, issuerNameHashSet); AddX509Names(nameStack, StoreLocation.CurrentUser, issuerNameHashSet); Ssl.SslCtxSetClientCAList(context, nameStack); // The handle ownership has been transferred into the CTX. nameStack.SetHandleAsInvalid(); } }
internal static extern int SSL_CTX_use_certificate(SafeSslContextHandle ctx, SafeX509Handle certPtr);
internal static extern void SslCtxSetClientCertCallback(SafeSslContextHandle ctx, ClientCertCallback callback);
internal static extern SafeSslHandle SslCreate(SafeSslContextHandle ctx);
internal static extern int SSL_CTX_use_PrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);
private static void SetSslCertificate(SafeSslContextHandle contextPtr, SafeX509Handle certPtr, SafeEvpPKeyHandle keyPtr) { Debug.Assert(certPtr != null && !certPtr.IsInvalid, "certPtr != null && !certPtr.IsInvalid"); Debug.Assert(keyPtr != null && !keyPtr.IsInvalid, "keyPtr != null && !keyPtr.IsInvalid"); int retVal = Ssl.SslCtxUseCertificate(contextPtr, certPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_use_cert_failed); } retVal = Ssl.SslCtxUsePrivateKey(contextPtr, keyPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_use_private_key_failed); } //check private key retVal = Ssl.SslCtxCheckPrivateKey(contextPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_check_private_key_failed); } }
internal static extern int SslCtxUseCertificate(SafeSslContextHandle ctx, SafeX509Handle certPtr);