#region Fields
SslStreamBase ssl_stream;
+ MonoTlsProvider provider;
MonoTlsSettings settings;
ICertificateValidator certificateValidator;
#region Constructors
- public LegacySslStream (Stream innerStream)
- : this (innerStream, false)
- {
- }
-
- public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen)
- : base (innerStream, leaveInnerStreamOpen)
- {
- }
-
- public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings)
+ public LegacySslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
: base (innerStream, leaveInnerStreamOpen)
{
+ this.provider = provider;
this.settings = settings;
- this.certificateValidator = settings.CertificateValidator;
+ this.certificateValidator = ChainValidationHelper.GetDefaultValidator (provider, settings);
}
#endregion // Constructors
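Review bot: The validator assigned in the constructor is stored only as `ICertificateValidator`, yet the handshake callbacks later in this diff downcast it with `(ChainValidationHelper)certificateValidator`. The body of `GetDefaultValidator` is not visible here; if it can return a validator supplied through `settings` that is not a `ChainValidationHelper`, the failure shows up as an `InvalidCastException` in the middle of a handshake instead of at construction. Doing the cast once here and retyping the field, `this.certificateValidator = (ChainValidationHelper)ChainValidationHelper.GetDefaultValidator (provider, settings);`, makes the requirement explicit. `provider` is also stored without a null check, so a one-line comment saying whether null is allowed would help.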
return null;
};
-#if MARTIN_FIXME
// Even if validation_callback is null this allows us to verify requests where the user
// does not provide a verification callback but attempts to authenticate with the website
// as a client (see https://bugzilla.xamarin.com/show_bug.cgi?id=18962 for an example)
- s.ServerCertValidation2 += (certs) => ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
+ s.ServerCertValidation2 += (mcerts) => {
+ X509CertificateCollection certs = null;
+ if (mcerts != null) {
+ certs = new X509CertificateCollection ();
+ for (int i = 0; i < mcerts.Count; i++)
+ certs.Add (new X509Certificate2 (mcerts [i].RawData));
+ }
+ return ((ChainValidationHelper)certificateValidator).ValidateChain (targetHost, certs);
+ };
s.ClientCertSelectionDelegate = OnCertificateSelection;
-#else
- throw new NotImplementedException ();
-#endif
ssl_stream = s;
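Review bot: When `mcerts` is null the new `ServerCertValidation2` lambda passes `certs == null` straight to `ValidateChain`, and nothing at this site says that a missing server chain must end in rejection. `ValidateChain` is not visible in the hunk, so the fail-closed behaviour is an assumption a reader has to take on trust. I would add a comment above the `if`, such as `// mcerts == null: server sent no certificate; ValidateChain must report this as a policy error, never as success`, and confirm it against `ValidateChain`. The `X509Certificate2` copies built from `RawData` are allocated per handshake and never released, which may be worth a note too. The enclosing method starts and ends outside the hunk.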
if (IsAuthenticated)
throw new InvalidOperationException ("This SslStream is already authenticated");
- SslServerStream s = new SslServerStream (InnerStream, serverCertificate, clientCertificateRequired, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols));
+ SslServerStream s = new SslServerStream (InnerStream, serverCertificate, false, clientCertificateRequired, !LeaveInnerStreamOpen, GetMonoSslProtocol (enabledSslProtocols));
s.CheckCertRevocationStatus = checkCertificateRevocation;
// Due to the Mono.Security internal, it cannot reuse
// the delegated argument, as Mono.Security creates
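Review bot: The literal `false` inserted before `clientCertificateRequired` in the `SslServerStream` call moves the caller's flag to a different positional bool, and nothing at the call site says which parameter each of the three bools binds to. The overload's signature is not visible here. If the slot now holding `clientCertificateRequired` is a "request" rather than a "require" flag, a client that sends no certificate could complete the handshake unless the validation delegate rejects it. Named arguments or a short comment would make the intended policy reviewable, for example `// require=false, request=clientCertificateRequired: enforcement is left to ClientCertValidationDelegate`, if that is the intent.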
return cert2 != null ? cert2.PrivateKey : null;
};
-#if MARTIN_FIXME
s.ClientCertValidationDelegate = delegate (X509Certificate cert, int[] certErrors) {
var errors = certErrors.Length > 0 ? MonoSslPolicyErrors.RemoteCertificateChainErrors : MonoSslPolicyErrors.None;
return ((ChainValidationHelper)certificateValidator).ValidateClientCertificate (cert, errors);
};
-#else
- throw new NotImplementedException ();
-#endif
ssl_stream = s;
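Review bot: A null `cert` with an empty `certErrors` array reaches `ValidateClientCertificate` with `MonoSslPolicyErrors.None` in the delegate this hunk re-enables, because `errors` is derived from `certErrors.Length` alone. Whether `ValidateClientCertificate` rejects a missing certificate is not visible here, so I would state it in the delegate with `if (cert == null) errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;` after the `var errors` line. `certErrors` is also dereferenced without a null check, so a null array would throw inside the handshake callback. The enclosing method starts and ends outside the hunk.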