public Core.Stack <X509Name> LoadClientCAFile(string filename) { IntPtr stack = Native.SSL_load_client_CA_file(filename); Core.Stack <X509Name> name_stack = new Core.Stack <X509Name>(stack, true); return(name_stack); }
public int InternalClientCertificateSelectionCallback(Ssl ssl, out X509Certificate x509_cert, out CryptoKey key) { int nRet = 0; x509_cert = null; key = null; Core.Stack <X509Name> name_stack = ssl.CAList; string[] strIssuers = new string[name_stack.Count]; int count = 0; foreach (X509Name name in name_stack) { strIssuers[count++] = name.OneLine; } if (localCertificateSelectionCallback != null) { X509Certificate cert = localCertificateSelectionCallback(this, targetHost, clientCertificates, ssl.GetPeerCertificate(), strIssuers); if (cert != null && cert.HasPrivateKey) { x509_cert = cert; key = cert.PrivateKey; // Addref the cert and private key x509_cert.AddRef(); key.AddRef(); // return success nRet = 1; } } return(nRet); }
internal int OnVerifyCertThunk(int ok, IntPtr store_ctx) { X509StoreContext ctx = new X509StoreContext(store_ctx, false); X509Certificate cert = ctx.CurrentCert; int depth = ctx.ErrorDepth; VerifyResult result = (VerifyResult)ctx.Error; // build the X509Chain from the store X509Store store = ctx.Store; Core.Stack <X509Object> objStack = store.Objects; X509Chain chain = new X509Chain(); foreach (X509Object obj in objStack) { X509Certificate objCert = obj.Certificate; if (objCert != null) { chain.Add(objCert); } } // Call the managed delegate if (OnVerifyCert(this, cert, chain, depth, result)) { return(1); } else { return(0); } }
public List <string> GetCipherList() { List <string> ret = new List <string>(); SSL_CTX raw = (SSL_CTX)Marshal.PtrToStructure(ptr, typeof(SSL_CTX)); Core.Stack <SslCipher> stack = new Core.Stack <SslCipher>(raw.cipher_list, false); foreach (SslCipher cipher in stack) { IntPtr cipher_ptr = Native.SSL_CIPHER_description(cipher.Handle, null, 0); if (cipher_ptr != IntPtr.Zero) { string strCipher = Marshal.PtrToStringAnsi(cipher_ptr); ret.Add(strCipher); Native.OPENSSL_free(cipher_ptr); } } return(ret); }
private void InitializeServerContext( X509Certificate serverCertificate, bool clientCertificateRequired, X509Chain caCerts, SslProtocols enabledSslProtocols, SslStrength sslStrength, bool checkCertificateRevocation) { if (serverCertificate == null) { throw new ArgumentNullException("serverCertificate", "Server certificate cannot be null"); } if (!serverCertificate.HasPrivateKey) { throw new ArgumentException("Server certificate must have a private key", "serverCertificate"); } // Initialize the context sslContext = new SslContext(SslMethod.SSLv23_server_method); // Remove support for protocols not specified in the enabledSslProtocols if ((enabledSslProtocols & SslProtocols.Ssl2) != SslProtocols.Ssl2) { sslContext.Options |= SslOptions.SSL_OP_NO_SSLv2; } if ((enabledSslProtocols & SslProtocols.Ssl3) != SslProtocols.Ssl3 && ((enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default)) { // no SSLv3 support sslContext.Options |= SslOptions.SSL_OP_NO_SSLv3; } if ((enabledSslProtocols & SslProtocols.Tls) != SslProtocols.Tls && (enabledSslProtocols & SslProtocols.Default) != SslProtocols.Default) { sslContext.Options |= SslOptions.SSL_OP_NO_TLSv1; } /* * // Initialize the context with the specified ssl version * switch (enabledSslProtocols) * { * case SslProtocols.None: * throw new ArgumentException("SslProtocol.None is not supported", "enabledSslProtocols"); * break; * case SslProtocols.Ssl2: * sslContext = new SslContext(SslMethod.SSLv2_server_method); * break; * case SslProtocols.Ssl3: * case SslProtocols.Default: * sslContext = new SslContext(SslMethod.SSLv3_server_method); * break; * case SslProtocols.Tls: * sslContext = new SslContext(SslMethod.TLSv1_server_method); * break; * } */ // Set the context mode sslContext.Mode = SslMode.SSL_MODE_AUTO_RETRY; // Set the workaround options sslContext.Options = SslOptions.SSL_OP_ALL; // Set the client certificate verification callback if we are requiring client certs if (clientCertificateRequired) { sslContext.SetVerify(VerifyMode.SSL_VERIFY_PEER | VerifyMode.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, remoteCertificateSelectionCallback); } else { sslContext.SetVerify(VerifyMode.SSL_VERIFY_NONE, null); } // Set the client certificate max verification depth sslContext.SetVerifyDepth(10); // Set the certificate store and ca list if (caCerts != null) { // Don't take ownership of the X509Store IntPtr. When we // SetCertificateStore, the context takes ownership of the store pointer. X509Store cert_store = new X509Store(caCerts, false); sslContext.SetCertificateStore(cert_store); Core.Stack <X509Name> name_stack = new Core.Stack <X509Name>(); foreach (X509Certificate cert in caCerts) { X509Name subject = cert.Subject; name_stack.Add(subject); } // Assign the stack to the context sslContext.CAList = name_stack; } // Set the cipher string sslContext.SetCipherList(GetCipherString(false, enabledSslProtocols, sslStrength)); // Set the certificate sslContext.UseCertificate(serverCertificate); // Set the private key sslContext.UsePrivateKey(serverCertificate.PrivateKey); // Set the session id context sslContext.SetSessionIdContext(Encoding.ASCII.GetBytes(AppDomain.CurrentDomain.FriendlyName)); }