+2010-03-01 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * TlsServerCertificate.cs:
+ added a new callback for certificate validation that gets all the
+ certificates received from the server/client. The callee should
+ build the chain and validate it.
+
2009-08-20 Sebastien Pouliot <sebastien@ximian.com>
* TlsServerCertificate.cs: If no usage information is available then
ClientContext context = (ClientContext)this.Context;
AlertDescription description = AlertDescription.BadCertificate;
+#if NET_2_0
+ if (context.SslStream.HaveRemoteValidation2Callback) {
+ if (context.SslStream.RaiseServerCertificateValidation2 (certificates))
+ return;
+ // Give a chance to the 1.x ICertificatePolicy callback
+ }
+#endif
// the leaf is the web server certificate
X509Certificate leaf = certificates [0];
X509Cert.X509Certificate cert = new X509Cert.X509Certificate (leaf.RawData);
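Review bot: The `return;` on L15 is the only place a `true` from the new chain callback is acted on, and it leaves the method before any of the built-in checks that follow run, so the callee's acceptance is final for the handshake — including whatever host-name and key-usage checks the remainder of this method performs outside the hunk. That contract is currently stated only in the ChangeLog; the code should say it where the short-circuit happens, e.g. `// Callback accepted the peer's chain: every built-in check below (chain, usage, host name) is skipped.` The collection handed to the callback at L14 is the same one L20 indexes with `certificates [0]` under the assumption that the leaf comes first, so the comment should also state whether the callee may rely on that ordering or must locate the leaf itself. The enclosing method starts and ends outside this hunk.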
+2010-03-01 Gonzalo Paniagua Javier <gonzalo@novell.com>
+
+ * HttpsClientStream.cs: use Address instead
+ of RequestUri to get the right host name when the request is
+ redirected.
+
+ * SslStreamBase.cs:
+ * SslClientStream.cs:
+ * SslServerStream.cs:
+ added a new callback for certificate validation that gets all the
+ certificates received from the server/client. The callee should
+ build the chain and validate it.
+
2009-10-20 Gonzalo Paniagua Javier <gonzalo@novell.com>
* ServerContext.cs:
public HttpsClientStream (Stream stream, X509CertificateCollection clientCertificates,
HttpWebRequest request, byte [] buffer)
- : base (stream, request.RequestUri.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType)
+ : base (stream, request.Address.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType)
ServicePointManager.SecurityProtocol, clientCertificates)
{
// this constructor permit access to the WebRequest to call
failed = true;
}
#pragma warning restore 618
-
+ if (HaveRemoteValidation2Callback)
+ return failed; // The validation already tried the 2.0 callback
+
SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
if (cb != null) {
SNS.SslPolicyErrors ssl_errors = 0;
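Review bot: `return failed;` at L49 hands back a variable named like a failure flag as the method's acceptance result, and `failed` is assigned outside the visible lines (L44 sets it to `true` inside an enclosing branch), so the polarity of this early return cannot be read from the hunk. Either rename the variable to match what the method returns or state the meaning on the spot, presumably along the lines of `// 'failed' carries the ICertificatePolicy verdict at this point; the 2.0 chain callback was already consulted by the handshake code and declined, so do not fall through to the 1.x callback.` The early return also makes `ServicePointManager.ServerCertificateValidationCallback` (L51) unreachable whenever a chain callback is registered, which is worth naming in the comment because a caller that sets both will silently lose the second one. The enclosing method starts and ends outside this hunk.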
public delegate bool CertificateValidationCallback(
X509Certificate certificate,
int[] certificateErrors);
+ public delegate bool CertificateValidationCallback2 (Mono.Security.X509.X509CertificateCollection collection);
public delegate X509Certificate CertificateSelectionCallback(
X509CertificateCollection clientCertificates,
#endregion
+ public event CertificateValidationCallback2 ServerCertValidation2;
#region Constructors
public SslClientStream(
this.ServerCertValidation = null;
this.ClientCertSelection = null;
this.PrivateKeySelection = null;
+ this.ServerCertValidation2 = null;
}
}
return null;
}
-
+
+ internal override bool HaveRemoteValidation2Callback {
+ get { return ServerCertValidation2 != null; }
+ }
+
+ internal override bool OnRemoteCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection)
+ {
+ CertificateValidationCallback2 cb = ServerCertValidation2;
+ if (cb != null)
+ return cb (collection);
+ return false;
+ }
+
internal override bool OnRemoteCertificateValidation(X509Certificate certificate, int[] errors)
{
if (this.ServerCertValidation != null)
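Review bot: `ServerCertValidation2` is declared as a public event (L61), so `cb (collection)` at L82 may invoke a multicast delegate and returns only the last subscriber's verdict; a subscriber that rejects the chain is overruled by any later one that accepts. Since a `true` from this method short-circuits the built-in validation in TlsServerCertificate, the accept decision would then depend on subscription order. Iterate `GetInvocationList ()` and require every handler to accept, or document that only a single subscriber is supported. `OnRemoteCertificateValidation2` in SslServerStream (L111-L113) has the same shape and needs the same treatment.

```csharp
internal override bool OnRemoteCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection)
{
    CertificateValidationCallback2 cb = ServerCertValidation2;
    if (cb == null)
        return false;
    // A multicast invoke would report only the last handler; every subscriber must accept the chain.
    foreach (CertificateValidationCallback2 handler in cb.GetInvocationList ()) {
        if (!handler (collection))
            return false;
    }
    return true;
}
```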
return base.RaiseRemoteCertificateValidation(certificate, certificateErrors);
}
+ internal virtual bool RaiseServerCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection)
+ {
+ return base.RaiseRemoteCertificateValidation2 (collection);
+ }
+
internal X509Certificate RaiseClientCertificateSelection(
X509CertificateCollection clientCertificates,
X509Certificate serverCertificate,
#endregion
+ public event CertificateValidationCallback2 ClientCertValidation2;
#region Constructors
public SslServerStream(
return (errors != null && errors.Length == 0);
}
+ internal override bool HaveRemoteValidation2Callback {
+ get { return ClientCertValidation2 != null; }
+ }
+
+ internal override bool OnRemoteCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection)
+ {
+ CertificateValidationCallback2 cb = ClientCertValidation2;
+ if (cb != null)
+ return cb (collection);
+ return false;
+ }
+
internal bool RaiseClientCertificateValidation(
X509Certificate certificate,
int[] certificateErrors)
X509CertificateCollection serverRequestedCertificates);
internal abstract bool OnRemoteCertificateValidation(X509Certificate certificate, int[] errors);
+ internal abstract bool OnRemoteCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection);
+ internal abstract bool HaveRemoteValidation2Callback { get; }
internal abstract AsymmetricAlgorithm OnLocalPrivateKeySelection(X509Certificate certificate, string targetHost);
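Review bot: `OnRemoteCertificateValidation2` and `HaveRemoteValidation2Callback` (L122-L123) are the abstract contract every stream subclass implements, yet neither carries a doc comment saying what the boolean means, and the meaning is unusual: per the caller in TlsServerCertificate a `true` makes the handshake skip its own validation entirely, while `false` falls back to the per-certificate 1.x path rather than rejecting. Add `/// <summary>` comments on both stating that, and that the argument is the peer's certificate collection as passed by the handshake code, so that implementers do not treat `false` as a hard rejection. The pass-through `RaiseRemoteCertificateValidation2` (L127-L130) can carry a one-line `///` comment pointing at the abstract member rather than repeating the contract.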
return OnRemoteCertificateValidation(certificate, errors);
}
+ internal bool RaiseRemoteCertificateValidation2 (Mono.Security.X509.X509CertificateCollection collection)
+ {
+ return OnRemoteCertificateValidation2 (collection);
+ }
+
internal AsymmetricAlgorithm RaiseLocalPrivateKeySelection(
X509Certificate certificate,
string targetHost)