private static bool _checkCRL = false;
private static SecurityProtocolType _securityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
-#if NET_1_1
#if TARGET_JVM
static bool expectContinue = false;
#else
static bool expectContinue = true;
#endif
static bool useNagle;
-#endif
static RemoteCertificateValidationCallback server_cert_cb;
static bool tcp_keepalive;
static int tcp_keepalive_time;
static ServicePointManager ()
{
#if !NET_2_1
-#if NET_2_0 && CONFIGURATION_DEP
+#if CONFIGURATION_DEP
object cfg = ConfigurationManager.GetSection (configKey);
ConnectionManagementSection s = cfg as ConnectionManagementSection;
if (s != null) {
// Properties
-#if NET_2_0
[Obsolete ("Use ServerCertificateValidationCallback instead", false)]
-#endif
public static ICertificatePolicy CertificatePolicy {
get { return policy; }
set { policy = value; }
}
-#if NET_1_0
- // we need it for SslClientStream
- internal
-#else
[MonoTODO("CRL checks not implemented")]
- public
-#endif
- static bool CheckCertificateRevocationList {
+ public static bool CheckCertificateRevocationList {
get { return _checkCRL; }
set { _checkCRL = false; } // TODO - don't yet accept true
}
}
}
-#if NET_2_0
static Exception GetMustImplement ()
{
return new NotImplementedException ();
throw GetMustImplement ();
}
}
-#endif
public static int MaxServicePointIdleTime {
get {
}
}
-#if NET_1_1
public static bool Expect100Continue {
get { return expectContinue; }
set { expectContinue = value; }
get { return useNagle; }
set { useNagle = value; }
}
-#endif
+
// Methods
public static void SetTcpKeepAlive (bool enabled, int keepAliveTime, int keepAliveInterval)
{
return new ValidationResult (true, false, 0);
}
}
-#elif NET_2_0 && SECURITY_DEP
+#elif SECURITY_DEP
internal class ChainValidationHelper {
object sender;
string host;
.GetMethod ("TrustEvaluateSsl",
System.Reflection.BindingFlags.Static | System.Reflection.BindingFlags.NonPublic));
#endif
+#if !MONOTOUCH
revocation_mode = X509RevocationMode.NoCheck;
try {
string str = Environment.GetEnvironmentVariable ("MONO_X509_REVOCATION_MODE");
revocation_mode = (X509RevocationMode) Enum.Parse (typeof (X509RevocationMode), str, true);
} catch {
}
+#endif
}
public ChainValidationHelper (object sender)
ICertificatePolicy policy = ServicePointManager.CertificatePolicy;
RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
- X509Chain chain = new X509Chain ();
+ X509Certificate2 leaf = new X509Certificate2 (certs [0].RawData);
+ int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
+ SslPolicyErrors errors = 0;
+ X509Chain chain = null;
+#if !MONOTOUCH
+ chain = new X509Chain ();
chain.ChainPolicy = new X509ChainPolicy ();
chain.ChainPolicy.RevocationMode = revocation_mode;
for (int i = 1; i < certs.Count; i++) {
chain.ChainPolicy.ExtraStore.Add (c2);
}
- X509Certificate2 leaf = new X509Certificate2 (certs [0].RawData);
- int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
- SslPolicyErrors errors = 0;
try {
if (!chain.Build (leaf))
errors |= GetErrorsFromChain (chain);
Console.Error.WriteLine ("Please, report this problem to the Mono team");
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
-
+#endif
if (!CheckCertificateUsage (leaf)) {
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
status11 = -2146762490; //CERT_E_PURPOSE 0x800B0106
#endif
// Attempt to use OSX certificates
// Ideally we should return the SecTrustResult
- MSX.OSX509Certificates.SecTrustResult trustResult;
+ MSX.OSX509Certificates.SecTrustResult trustResult = MSX.OSX509Certificates.SecTrustResult.Deny;
try {
trustResult = MSX.OSX509Certificates.TrustEvaluateSsl (certs);
// We could use the other values of trustResult to pass this extra information
if (result) {
status11 = 0;
errors = 0;
+ } else {
+ // callback and DefaultCertificatePolicy needs this since 'result' is not specified
+ status11 = (int) trustResult;
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
#if !MONOTOUCH
}
ServicePoint sp = null;
HttpWebRequest req = sender as HttpWebRequest;
if (req != null)
- sp = req.ServicePoint;
+ sp = req.ServicePointNoLock;
if (status11 == 0 && errors != 0)
status11 = GetStatusFromChain (chain);