private static bool _checkCRL = false;
private static SecurityProtocolType _securityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
-#if NET_1_1
#if TARGET_JVM
static bool expectContinue = false;
#else
static bool expectContinue = true;
#endif
static bool useNagle;
-#endif
static RemoteCertificateValidationCallback server_cert_cb;
+ static bool tcp_keepalive;
+ static int tcp_keepalive_time;
+ static int tcp_keepalive_interval;
// Fields
static ServicePointManager ()
{
#if !NET_2_1
-#if NET_2_0 && CONFIGURATION_DEP
+#if CONFIGURATION_DEP
object cfg = ConfigurationManager.GetSection (configKey);
ConnectionManagementSection s = cfg as ConnectionManagementSection;
if (s != null) {
// Properties
-#if NET_2_0
[Obsolete ("Use ServerCertificateValidationCallback instead", false)]
-#endif
public static ICertificatePolicy CertificatePolicy {
get { return policy; }
set { policy = value; }
}
-#if NET_1_0
- // we need it for SslClientStream
- internal
-#else
[MonoTODO("CRL checks not implemented")]
- public
-#endif
- static bool CheckCertificateRevocationList {
+ public static bool CheckCertificateRevocationList {
get { return _checkCRL; }
set { _checkCRL = false; } // TODO - don't yet accept true
}
}
}
-#if NET_2_0
static Exception GetMustImplement ()
{
return new NotImplementedException ();
throw GetMustImplement ();
}
}
-#endif
public static int MaxServicePointIdleTime {
get {
}
}
-#if NET_1_1
public static bool Expect100Continue {
get { return expectContinue; }
set { expectContinue = value; }
get { return useNagle; }
set { useNagle = value; }
}
-#endif
+
// Methods
-
+ public static void SetTcpKeepAlive (bool enabled, int keepAliveTime, int keepAliveInterval)
+ {
+ if (enabled) {
+ if (keepAliveTime <= 0)
+ throw new ArgumentOutOfRangeException ("keepAliveTime", "Must be greater than 0");
+ if (keepAliveInterval <= 0)
+ throw new ArgumentOutOfRangeException ("keepAliveInterval", "Must be greater than 0");
+ }
+
+ tcp_keepalive = enabled;
+ tcp_keepalive_time = keepAliveTime;
+ tcp_keepalive_interval = keepAliveInterval;
+ }
+
public static ServicePoint FindServicePoint (Uri address)
{
return FindServicePoint (address, GlobalProxySelection.Select);
int limit = (int) manager.GetMaxConnections (addr);
#endif
sp = new ServicePoint (address, limit, maxServicePointIdleTime);
-#if NET_1_1
sp.Expect100Continue = expectContinue;
sp.UseNagleAlgorithm = useNagle;
-#endif
sp.UsesProxy = usesProxy;
sp.UseConnect = useConnect;
+ sp.SetTcpKeepAlive (tcp_keepalive, tcp_keepalive_time, tcp_keepalive_interval);
servicePoints.Add (key, sp);
}
return new ValidationResult (true, false, 0);
}
}
-#elif NET_2_0 && SECURITY_DEP
+#elif SECURITY_DEP
internal class ChainValidationHelper {
object sender;
string host;
static bool is_macosx = System.IO.File.Exists (MSX.OSX509Certificates.SecurityLibrary);
static X509RevocationMode revocation_mode;
+#if MONODROID
+ static readonly Converter<Mono.Security.X509.X509CertificateCollection, bool> monodroidCallback;
+#endif
+
static ChainValidationHelper ()
{
+#if MONODROID
+ monodroidCallback = (Converter<Mono.Security.X509.X509CertificateCollection, bool>)
+ Delegate.CreateDelegate (typeof(Converter<Mono.Security.X509.X509CertificateCollection, bool>),
+ Type.GetType ("Android.Runtime.AndroidEnvironment, Mono.Android", true)
+ .GetMethod ("TrustEvaluateSsl",
+ System.Reflection.BindingFlags.Static | System.Reflection.BindingFlags.NonPublic));
+#endif
+#if !MONOTOUCH
revocation_mode = X509RevocationMode.NoCheck;
try {
string str = Environment.GetEnvironmentVariable ("MONO_X509_REVOCATION_MODE");
revocation_mode = (X509RevocationMode) Enum.Parse (typeof (X509RevocationMode), str, true);
} catch {
}
+#endif
}
public ChainValidationHelper (object sender)
ICertificatePolicy policy = ServicePointManager.CertificatePolicy;
RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
- X509Chain chain = new X509Chain ();
+ X509Certificate2 leaf = new X509Certificate2 (certs [0].RawData);
+ int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
+ SslPolicyErrors errors = 0;
+ X509Chain chain = null;
+#if !MONOTOUCH
+ chain = new X509Chain ();
chain.ChainPolicy = new X509ChainPolicy ();
chain.ChainPolicy.RevocationMode = revocation_mode;
for (int i = 1; i < certs.Count; i++) {
chain.ChainPolicy.ExtraStore.Add (c2);
}
- X509Certificate2 leaf = new X509Certificate2 (certs [0].RawData);
- int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
- SslPolicyErrors errors = 0;
try {
if (!chain.Build (leaf))
errors |= GetErrorsFromChain (chain);
Console.Error.WriteLine ("Please, report this problem to the Mono team");
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
-
+#endif
if (!CheckCertificateUsage (leaf)) {
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
status11 = -2146762490; //CERT_E_PURPOSE 0x800B0106
#endif
// Attempt to use OSX certificates
// Ideally we should return the SecTrustResult
- MSX.OSX509Certificates.SecTrustResult trustResult;
+ MSX.OSX509Certificates.SecTrustResult trustResult = MSX.OSX509Certificates.SecTrustResult.Deny;
try {
trustResult = MSX.OSX509Certificates.TrustEvaluateSsl (certs);
// We could use the other values of trustResult to pass this extra information
if (result) {
status11 = 0;
errors = 0;
+ } else {
+ // callback and DefaultCertificatePolicy needs this since 'result' is not specified
+ status11 = (int) trustResult;
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
#if !MONOTOUCH
}
#endif
+#if MONODROID
+ result = monodroidCallback (certs);
+ if (result) {
+ status11 = 0;
+ errors = 0;
+ }
+#endif
+
if (policy != null && (!(policy is DefaultCertificatePolicy) || cb == null)) {
ServicePoint sp = null;
HttpWebRequest req = sender as HttpWebRequest;
if (req != null)
- sp = req.ServicePoint;
+ sp = req.ServicePointNoLock;
if (status11 == 0 && errors != 0)
status11 = GetStatusFromChain (chain);
if (cert.Version < 3)
return true;
- X509KeyUsageExtension kux = (X509KeyUsageExtension) cert.Extensions ["2.5.29.15"];
- X509EnhancedKeyUsageExtension eku = (X509EnhancedKeyUsageExtension) cert.Extensions ["2.5.29.37"];
+ X509KeyUsageExtension kux = (cert.Extensions ["2.5.29.15"] as X509KeyUsageExtension);
+ X509EnhancedKeyUsageExtension eku = (cert.Extensions ["2.5.29.37"] as X509EnhancedKeyUsageExtension);
if (kux != null && eku != null) {
// RFC3280 states that when both KeyUsageExtension and
// ExtendedKeyUsageExtension are present then BOTH should
X509Extension ext = cert.Extensions ["2.16.840.1.113730.1.1"];
if (ext != null) {
string text = ext.NetscapeCertType (false);
- return text.IndexOf ("SSL Server Authentication") != -1;
+ return text.IndexOf ("SSL Server Authentication", StringComparison.Ordinal) != -1;
}
return true;
} catch (Exception e) {