Merge pull request #2768 from lambdageek/dev/monoerror-cominterop
[mono.git] / mcs / class / System / Mono.Net.Security / SystemCertificateValidator.cs
index 762c74aba1a34cf73f7d296edadec765fc4a05c0..8cd1ca0b6fac8de068150a1b0e18f3342ce8a7c0 100644 (file)
@@ -44,7 +44,6 @@ namespace Mono.Net.Security
        internal static class SystemCertificateValidator
        {
                static bool is_macosx;
-               static bool is_mobile;
 #if !MOBILE
                static X509RevocationMode revocation_mode;
 #endif
@@ -53,13 +52,10 @@ namespace Mono.Net.Security
                {
 #if MONOTOUCH
                        is_macosx = true;
-                       is_mobile = true;
 #elif MONODROID
                        is_macosx = false;
-                       is_mobile = true;
 #else
                        is_macosx = System.IO.File.Exists (OSX509Certificates.SecurityLibrary);
-                       is_mobile = false;
 #endif
 
 #if !MOBILE
@@ -90,13 +86,13 @@ namespace Mono.Net.Security
                        return chain;
                }
 
-               public static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+               static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
                {
 #if MOBILE
-                       return true;
+                       return false;
 #else
                        if (is_macosx)
-                               return true;
+                               return false;
 
                        var leaf = (X509Certificate2)certs [0];
 
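Review bot: The context line `var leaf = (X509Certificate2)certs [0];` in BuildX509Chain still uses a hard cast, while the CheckUsage hunk in this same commit replaces the identical cast with `as` plus a `new X509Certificate2 (certs[0])` fallback. If the collection can hold a plain X509Certificate, this path throws InvalidCastException instead of reporting a policy error, and the commit now routes the non-macOS branch of EvaluateSystem through BuildX509Chain. I would apply the same conversion here: `var leaf = certs [0] as X509Certificate2 ?? new X509Certificate2 (certs [0]);`. The flipped `return false` on MOBILE and macOS also needs a one-line comment saying what the return value means to the caller, since that is not visible in the hunk. The method body continues past the end of the hunk.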
@@ -125,7 +121,9 @@ namespace Mono.Net.Security
                static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
                {
 #if !MONOTOUCH
-                       var leaf = (X509Certificate2)certs[0];
+                       var leaf = certs[0] as X509Certificate2;
+                       if (leaf == null)
+                               leaf = new X509Certificate2 (certs[0]);
                        // for OSX and iOS we're using the native API to check for the SSL server policy and host names
                        if (!is_macosx) {
                                if (!CheckCertificateUsage (leaf)) {
@@ -134,7 +132,7 @@ namespace Mono.Net.Security
                                        return false;
                                }
 
-                               if (host != null && !CheckServerIdentity (leaf, host)) {
+                               if (!string.IsNullOrEmpty (host) && !CheckServerIdentity (leaf, host)) {
                                        errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
                                        status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F
                                        return false;
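Review bot: With `!string.IsNullOrEmpty (host)`, an empty host string now skips CheckServerIdentity entirely, so a caller that passes `""` gets the certificate through this step with no name check, where before the empty string was still handed to CheckServerIdentity. If an empty host is a legitimate "no target name" case (possible for callers that validate without a server name, which the hunk does not show), state that above the condition, e.g. `// null or empty host: no target name was supplied, so the identity check is skipped`. If it is not, an empty host should be reported as `RemoteCertificateNameMismatch` rather than passed. CheckUsage starts and ends outside this hunk.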
@@ -147,7 +145,7 @@ namespace Mono.Net.Security
                static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
                {
                        var leaf = certs [0];
-                       var result = false;
+                       bool result;
 
 #if MONODROID
                        result = AndroidPlatform.TrustEvaluateSsl (certs);
@@ -170,6 +168,8 @@ namespace Mono.Net.Security
                                        result = (trustResult == OSX509Certificates.SecTrustResult.Proceed ||
                                                trustResult == OSX509Certificates.SecTrustResult.Unspecified);
                                } catch {
+                                       result = false;
+                                       errors |= SslPolicyErrors.RemoteCertificateChainErrors;
                                        // Ignore
                                }
 
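Review bot: The `// Ignore` comment left in the `catch` block is now wrong: the added lines set `result = false` and flag `RemoteCertificateChainErrors`, so the exception is treated as a validation failure rather than ignored. Replace it with something like `// any failure in the native trust evaluation is treated as a chain error`. The bare `catch` also discards the exception and does not touch `status11`, so a failure here cannot be told apart from an untrusted chain when diagnosing a rejected connection; whether later code sets `status11` for this path is outside the hunk. The enclosing method starts and ends outside this hunk.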
@@ -182,6 +182,8 @@ namespace Mono.Net.Security
                                        status11 = (int)trustResult;
                                        errors |= SslPolicyErrors.RemoteCertificateChainErrors;
                                }
+                       } else {
+                               result = BuildX509Chain (certs, chain, ref errors, ref status11);
                        }
 #endif
 
@@ -207,6 +209,8 @@ namespace Mono.Net.Security
 #if MOBILE
                        return false;
 #else
+                       if (!is_macosx)
+                               return true;
                        if (!CertificateValidationHelper.SupportsX509Chain)
                                return false;
                        if (settings != null)