#region Fields
private SslServerStream sslStream;
+ private bool request_client_certificate;
private bool clientCertificateRequired;
#endregion
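Review bot: The new field `request_client_certificate` breaks the naming convention of its neighbours (`sslStream` and `clientCertificateRequired` are camelCase), and the getter added for `RequestClientCertificate` further down reads it without the `this.` prefix the sibling `ClientCertificateRequired` getter uses. Renaming it to `requestClientCertificate` and reading it as `this.requestClientCertificate` in both the property and the constructor assignment keeps the three fields and their accessors consistent. The same point applies to the property hunk and the ServerContext constructor hunk that touch this field.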
get { return this.clientCertificateRequired; }
}
+ public bool RequestClientCertificate {
+ get { return request_client_certificate; }
+ }
+
#endregion
#region Constructors
SslServerStream stream,
SecurityProtocolType securityProtocolType,
X509Certificate serverCertificate,
- bool clientCertificateRequired)
+ bool clientCertificateRequired,
+ bool requestClientCertificate)
: base(securityProtocolType)
{
this.sslStream = stream;
this.clientCertificateRequired = clientCertificateRequired;
+ this.request_client_certificate = requestClientCertificate;
// Convert the System.Security cert to a Mono Cert
MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData());
{
}
+ public SslServerStream(
+ Stream stream,
+ X509Certificate serverCertificate,
+ bool clientCertificateRequired,
+ bool requestClientCertificate,
+ bool ownsStream)
+ : this (stream, serverCertificate, clientCertificateRequired, requestClientCertificate, ownsStream, SecurityProtocolType.Default)
+ {
+ }
+
public SslServerStream(
Stream stream,
X509Certificate serverCertificate,
bool clientCertificateRequired,
bool ownsStream,
SecurityProtocolType securityProtocolType)
+ : this (stream, serverCertificate, clientCertificateRequired, false, ownsStream, securityProtocolType)
+ {
+ }
+
+ public SslServerStream(
+ Stream stream,
+ X509Certificate serverCertificate,
+ bool clientCertificateRequired,
+ bool requestClientCertificate,
+ bool ownsStream,
+ SecurityProtocolType securityProtocolType)
: base(stream, ownsStream)
{
this.context = new ServerContext(
this,
securityProtocolType,
serverCertificate,
- clientCertificateRequired);
+ clientCertificateRequired,
+ requestClientCertificate);
this.protocol = new ServerRecordProtocol(innerStream, (ServerContext)this.context);
}
// If the negotiated cipher is a KeyEx cipher or
// the client certificate is required send the CertificateRequest message
if (this.context.Negotiating.Cipher.IsExportable ||
- ((ServerContext)this.context).ClientCertificateRequired)
+ ((ServerContext)this.context).ClientCertificateRequired ||
+ ((ServerContext)this.context).RequestClientCertificate)
{
this.protocol.SendRecord(HandshakeType.CertificateRequest);
certRequested = true;
}
}
- if (certRequested && (this.context.ClientSettings.ClientCertificate == null))
- {
- // we asked for a certificate but didn't receive one
- // e.g. wget for SSL3
- if (!RaiseClientCertificateValidation(null, new int[0]))
- {
- throw new TlsException(
- AlertDescription.BadCertificate,
- "No certificate received from client.");
- }
+ if (certRequested) {
+ X509Certificate client_cert = this.context.ClientSettings.ClientCertificate;
+ if (client_cert == null && ((ServerContext)this.context).ClientCertificateRequired)
+ throw new TlsException (AlertDescription.BadCertificate, "No certificate received from client.");
+
+ if (!RaiseClientCertificateValidation (client_cert, new int[0]))
+ throw new TlsException (AlertDescription.BadCertificate, "Client certificate not accepted.");
}
// Send ChangeCipherSpec and ServerFinished messages
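Review bot: The rewritten block at the end of the hunk now calls `RaiseClientCertificateValidation` with `new int[0]` for every certificate the client presents, so a callback that accepts whenever the error array is empty will accept any certificate at this point regardless of its chain or trust state; if validation with the real error codes already ran when the Certificate message was processed this second call is redundant, and otherwise the computed errors should be passed here instead of an empty array, which is worth confirming since neither is visible in the hunk. The callback also receives `null` when a certificate was only requested (not required) and none arrived, as the old code did, but the explanatory comment was dropped; keep a line such as `// certificate requested but not supplied, e.g. wget for SSL3; let the callback decide` on the null path. The comment at the top of the hunk is stale now that the condition also fires for `RequestClientCertificate`; suggest `// Send CertificateRequest if the cipher is exportable, or a client certificate is required or requested`. The enclosing method starts before and continues after the hunk.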