targetHost = targetHost.Substring (0, pos);
}
- var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost);
- var trust = new SecTrust (certificates, policy);
-
- if (validator.Settings.TrustAnchors != null) {
- var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors);
- if (status != SecStatusCode.Success)
- throw new InvalidOperationException (status.ToString ());
- trust.SetAnchorCertificatesOnly (false);
- }
-
- if (validator.Settings.CertificateValidationTime != null) {
- var status = trust.SetVerifyDate (validator.Settings.CertificateValidationTime.Value);
- if (status != SecStatusCode.Success)
- throw new InvalidOperationException (status.ToString ());
+ using (var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost))
+ using (var trust = new SecTrust (certificates, policy)) {
+ if (validator.Settings.TrustAnchors != null) {
+ var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors);
+ if (status != SecStatusCode.Success)
+ throw new InvalidOperationException (status.ToString ());
+ trust.SetAnchorCertificatesOnly (false);
+ }
+
+ if (validator.Settings.CertificateValidationTime != null) {
+ var status = trust.SetVerifyDate (validator.Settings.CertificateValidationTime.Value);
+ if (status != SecStatusCode.Success)
+ throw new InvalidOperationException (status.ToString ());
+ }
+
+ var result = trust.Evaluate ();
+ if (result == SecTrustResult.Unspecified)
+ return true;
+
+ errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
+ return false;
}
-
- var result = trust.Evaluate ();
- if (result == SecTrustResult.Unspecified)
- return true;
-
- errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
- return false;
}
}
}
*
*/
- var trust = GetPeerTrust (!IsServer);
- X509CertificateCollection certificates;
+ bool ok;
+ SecTrust trust = null;
+ X509CertificateCollection certificates = null;
- if (trust == null || trust.Count == 0) {
- remoteCertificate = null;
- if (!IsServer)
- throw new TlsException (AlertDescription.CertificateUnknown);
- certificates = null;
- } else {
- if (trust.Count > 1)
- Debug ("WARNING: Got multiple certificates in SecTrust!");
+ try {
+ trust = GetPeerTrust (!IsServer);
- certificates = new X509CertificateCollection ();
- for (int i = 0; i < trust.Count; i++)
- certificates.Add (trust [(IntPtr)i].ToX509Certificate ());
+ if (trust == null || trust.Count == 0) {
+ remoteCertificate = null;
+ if (!IsServer)
+ throw new TlsException (AlertDescription.CertificateUnknown);
+ certificates = null;
+ } else {
+ if (trust.Count > 1)
+ Debug ("WARNING: Got multiple certificates in SecTrust!");
- remoteCertificate = certificates [0];
- Debug ("Got peer trust: {0}", remoteCertificate);
- }
+ certificates = new X509CertificateCollection ();
+ for (int i = 0; i < trust.Count; i++)
+ certificates.Add (trust.GetCertificate (i));
+
+ remoteCertificate = new X509Certificate (certificates [0]);
+ Debug ("Got peer trust: {0}", remoteCertificate);
+ }
- bool ok;
- try {
ok = ValidateCertificate (certificates);
} catch (Exception ex) {
Debug ("Certificate validation failed: {0}", ex);
throw new TlsException (AlertDescription.CertificateUnknown, "Certificate validation threw exception.");
+ } finally {
+ if (trust != null)
+ trust.Dispose ();
+ if (certificates != null) {
+ for (int i = 0; i < certificates.Count; i++)
+ certificates [i].Dispose ();
+ }
}
if (!ok)
foreach (var certificate in certificates)
array [i++] = new SecCertificate (certificate);
Initialize (array, policy);
+ for (i = 0; i < array.Length; i++)
+ array [i].Dispose ();
}
void Initialize (SecCertificate[] array, SecPolicy policy)
}
}
+ internal X509Certificate GetCertificate (int index)
+ {
+ if (handle == IntPtr.Zero)
+ throw new ObjectDisposedException ("SecTrust");
+ if (((long)index < 0) || ((long)index >= Count))
+ throw new ArgumentOutOfRangeException ("index");
+
+ var ptr = SecTrustGetCertificateAtIndex (handle, (IntPtr)index);
+ return new X509Certificate (ptr);
+ }
+
[DllImport (AppleTlsContext.SecurityLibrary)]
extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr /* CFArrayRef */ anchorCertificates);