/// <summary>
/// Populates this connection's native certificate store: the provider's
/// defaults first, then any trust anchors configured in <c>Settings</c>.
/// </summary>
void SetupCertificateStore()
{
	MonoBtlsProvider.SetupCertificateStore(ctx.CertificateStore);

	var anchors = Settings?.TrustAnchors;
	if (anchors == null) {
		return;
	}

	// The anchors vet the *peer*: a server registers them as TRUST_CLIENT,
	// a client as TRUST_SERVER.
	var trustKind = IsServer
		? MonoBtlsX509TrustKind.TRUST_CLIENT
		: MonoBtlsX509TrustKind.TRUST_SERVER;
	ctx.CertificateStore.AddCollection(anchors, trustKind);
}
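/// <summary>
/// Creates the native SSL context and configures it from <c>Settings</c>,
/// <c>Options</c> and the connection's role (<c>IsServer</c>): trust store,
/// verify/select/server-name callbacks, verify parameters, protocol version
/// bounds, enabled ciphers and (servers only) the client certificate issuers.
/// </summary>
void InitializeConnection()
{
	ctx = new MonoBtlsSslCtx();
#if MARTIN_DEBUG
	errbio = MonoBtlsBio.CreateMonoStream(Console.OpenStandardError());
	ctx.SetDebugBio(errbio);
#endif
	MonoBtlsProvider.SetupCertificateStore(ctx.CertificateStore, Settings, IsServer);

	// A client always verifies the server; a server only verifies the peer
	// when it was told to ask for a client certificate.
	if (!IsServer || AskForClientCertificate) {
		ctx.SetVerifyCallback(VerifyCallback, false);
	}
	if (!IsServer) {
		ctx.SetSelectCallback(SelectCallback);
	}
	// Settings is treated as possibly null elsewhere in this method, so it
	// must not be dereferenced unconditionally here either.
	if (IsServer && (Options.ServerCertSelectionDelegate != null || Settings?.ClientCertificateSelectionCallback != null)) {
		ctx.SetServerNameCallback(ServerNameCallback);
	}
	ctx.SetVerifyParam(MonoBtlsProvider.GetVerifyParam(Settings, ServerName, IsServer));

	// Null means "leave the native default" for that bound.
	TlsProtocolCode? minProtocol, maxProtocol;
	GetProtocolVersions(out minProtocol, out maxProtocol);
	if (minProtocol != null) {
		ctx.SetMinVersion((int)minProtocol.Value);
	}
	if (maxProtocol != null) {
		ctx.SetMaxVersion((int)maxProtocol.Value);
	}

	var enabledCiphers = Settings?.EnabledCiphers;
	if (enabledCiphers != null) {
		// The native API takes the cipher ids as shorts.
		var ciphers = new short [enabledCiphers.Length];
		for (int i = 0; i < ciphers.Length; i++) {
			ciphers [i] = (short)enabledCiphers [i];
		}
		ctx.SetCiphers(ciphers, true);
	}
	if (IsServer && Settings?.ClientCertificateIssuers != null) {
		ctx.SetClientCertificateIssuers(Settings.ClientCertificateIssuers);
	}
}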
/// <summary>
/// Fetches the peer's certificate from the native session and caches a
/// managed copy in <c>remoteCertificate</c>. Later calls are no-ops.
/// </summary>
void GetPeerCertificate()
{
	if (remoteCertificate != null) {
		return; // already cached
	}
	// The native handle is only needed long enough to build the managed copy.
	using (var peerCert = ssl.GetPeerCertificate()) {
		if (peerCert == null) {
			return; // nothing to cache
		}
		remoteCertificate = MonoBtlsProvider.CreateCertificate(peerCert);
	}
}
/// <summary>
/// Builds a native chain from this certificate plus any stored intermediates
/// and validates it through <c>MonoBtlsProvider.ValidateCertificate</c>.
/// </summary>
/// <param name="thisCertificate">Not used; the chain is built from this
/// instance's own <c>x509</c>.</param>
/// <returns>The provider's validation verdict.</returns>
public override bool Verify(X509Certificate2 thisCertificate)
{
	using (var nativeChain = new MonoBtlsX509Chain()) {
		// Copies are added so the chain owns its own handles.
		nativeChain.AddCertificate(x509.Copy());

		var intermediateCount = intermediateCerts != null ? intermediateCerts.Count : 0;
		for (var idx = 0; idx < intermediateCount; idx++) {
			var impl = (X509CertificateImplBtls)intermediateCerts [idx];
			nativeChain.AddCertificate(impl.x509.Copy());
		}

		// No per-call settings are supplied (null): the provider's defaults apply.
		return MonoBtlsProvider.ValidateCertificate(nativeChain, null);
	}
}
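/// <summary>
/// Creates the native SSL context and configures it from <c>Settings</c> and
/// the connection's role (<c>IsServer</c>): trust store, verify/select
/// callbacks, host-name verify parameters, protocol version bounds and the
/// enabled ciphers.
/// </summary>
void InitializeConnection()
{
	ctx = new MonoBtlsSslCtx();
#if MARTIN_DEBUG
	errbio = MonoBtlsBio.CreateMonoStream(Console.OpenStandardError());
	ctx.SetDebugBio(errbio);
#endif
	SetupCertificateStore();

	// A client always verifies the server; a server only verifies the peer
	// when it was told to ask for a client certificate.
	if (!IsServer || AskForClientCertificate) {
		ctx.SetVerifyCallback(VerifyCallback, false);
	}
	if (!IsServer) {
		ctx.SetSelectCallback(SelectCallback);
	}

	// Strip a trailing ":port" before the host is used for name verification.
	// Only a single ':' is treated as the port separator: cutting at the first
	// ':' would reduce an IPv6 literal such as "fe80::1" to "fe80", so hosts
	// with more than one ':' are passed through unchanged.
	var host = TargetHost;
	if (!string.IsNullOrEmpty(host)) {
		var pos = host.IndexOf(':');
		if (pos > 0 && host.IndexOf(':', pos + 1) < 0) {
			host = host.Substring(0, pos);
		}
	}
	ctx.SetVerifyParam(MonoBtlsProvider.GetVerifyParam(host, IsServer));

	TlsProtocolCode minProtocol, maxProtocol;
	GetProtocolVersions(out minProtocol, out maxProtocol);
	ctx.SetMinVersion((int)minProtocol);
	ctx.SetMaxVersion((int)maxProtocol);

	var enabledCiphers = Settings?.EnabledCiphers;
	if (enabledCiphers != null) {
		// The native API takes the cipher ids as shorts.
		var ciphers = new short [enabledCiphers.Length];
		for (int i = 0; i < ciphers.Length; i++) {
			ciphers [i] = (short)enabledCiphers [i];
		}
		ctx.SetCiphers(ciphers, true);
	}
}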
/// <summary>
/// Validates <paramref name="certificates"/> for <paramref name="targetHost"/>.
/// When a managed <paramref name="chain"/> is already supplied, the verify
/// result stored on its native store context is reused as-is; otherwise a
/// fresh native store, chain, verify parameter and store context are built
/// and <c>Verify()</c> is run. Either way the outcome goes through
/// <c>CheckValidationResult</c>, which updates <paramref name="errors"/> and
/// <paramref name="status11"/>.
/// </summary>
/// <param name="wantsChain">When true and no chain was supplied, a managed
/// chain is built from the native one and returned via
/// <paramref name="chain"/>.</param>
/// <returns><c>true</c> when the native verify result is 1.</returns>
internal override bool ValidateCertificate(
	ICertificateValidator2 validator, string targetHost, bool serverMode,
	X509CertificateCollection certificates, bool wantsChain,
	ref X509Chain chain, ref MonoSslPolicyErrors errors, ref int status11)
{
	if (chain != null) {
		// NOTE(review): this path does not re-run verification; it trusts the
		// result already recorded on the supplied chain's StoreCtx, so the
		// caller is assumed to have verified the chain when it built it.
		var chainImpl = (X509ChainImplBtls)chain.Impl;
		var success = chainImpl.StoreCtx.VerifyResult == 1;
		CheckValidationResult(
			validator, targetHost, serverMode, certificates,
			wantsChain, chain, chainImpl.StoreCtx, success,
			ref errors, ref status11);
		return(success);
	}

	// All native handles are scoped to this block.
	using (var store = new MonoBtlsX509Store())
	using (var nativeChain = MonoBtlsProvider.GetNativeChain(certificates))
	using (var param = GetVerifyParam(validator.Settings, targetHost, serverMode))
	using (var storeCtx = new MonoBtlsX509StoreCtx()) {
		// Trust anchors depend on the validator's settings and on the role.
		SetupCertificateStore(store, validator.Settings, serverMode);
		storeCtx.Initialize(store, nativeChain);
		storeCtx.SetVerifyParam(param);
		var ret = storeCtx.Verify();
		var success = ret == 1;
		// chain is necessarily null here (the non-null case returned above),
		// so this only depends on wantsChain.
		if (wantsChain && chain == null) {
			chain = GetManagedChain(nativeChain);
		}
		CheckValidationResult(
			validator, targetHost, serverMode, certificates,
			wantsChain, null, storeCtx, success,
			ref errors, ref status11);
		return(success);
	}
}
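/// <summary>
/// Converts the legacy Mono user trust store (DER <c>*.cer</c> files under
/// <c>&lt;ApplicationData&gt;/.mono/certs/Trust</c>) into the BTLS
/// user-trusted-roots store. The target store is rebuilt from scratch.
/// Exits with 255 when BTLS is unavailable or the old store is missing.
/// </summary>
/// <param name="args">Not used.</param>
static void Main(string[] args)
{
	if (!MonoBtlsProvider.IsSupported()) {
		Console.Error.WriteLine("BTLS is not supported in this runtime!");
		Environment.Exit(255);
	}

	var configPath = Path.Combine(
		Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), ".mono");
	var oldStorePath = Path.Combine(configPath, "certs", "Trust");
	var newStorePath = MonoBtlsX509StoreManager.GetStorePath(MonoBtlsX509StoreType.UserTrustedRoots);

	if (!Directory.Exists(oldStorePath)) {
		// The path argument must be supplied for the {0} placeholder.
		Console.WriteLine("Old trust store {0} does not exist.", oldStorePath);
		Environment.Exit(255);
	}

	// The new store is regenerated completely: previous contents are removed
	// recursively before the conversion writes into it.
	if (Directory.Exists(newStorePath)) {
		Directory.Delete(newStorePath, true);
	}
	Directory.CreateDirectory(newStorePath);

	var oldFiles = Directory.GetFiles(oldStorePath, "*.cer");
	Console.WriteLine("Found {0} files in the old store.", oldFiles.Length);
	foreach (var file in oldFiles) {
		Console.WriteLine("Converting {0}.", file);
		var data = File.ReadAllBytes(file);
		using (var x509 = MonoBtlsX509.LoadFromData(data, MonoBtlsX509Format.DER)) {
			ConvertToNewFormat(newStorePath, x509);
		}
	}
}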
/// <summary>
/// Loads the provider's default trusted roots into this store.
/// </summary>
internal void AddTrustedRoots() => MonoBtlsProvider.SetupCertificateStore(this);
/// <summary>
/// Loads the provider's trusted roots into this store using the default
/// TLS settings and the client role (serverMode = false).
/// </summary>
internal void AddTrustedRoots() =>
	MonoBtlsProvider.SetupCertificateStore(this, MonoTlsSettings.DefaultSettings, false);
/// <summary>
/// Loads the system root store location into this store; no per-user
/// location is given (first argument is null).
/// </summary>
internal void AddTrustedRoots() =>
	LoadLocations(null, MonoBtlsProvider.GetSystemStoreLocation());