Imported Upstream version 4.4.0.182

Former-commit-id: ea38b2115ac3af9a394fe6cddf2be2acd11bc002

mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs

@@ -73,16 +73,12 @@ namespace Mono.Net.Security
 		public static X509Chain CreateX509Chain (XX509CertificateCollection certs)
 		{
 			var chain = new X509Chain ();
-			chain.ChainPolicy = new X509ChainPolicy ();
+			chain.ChainPolicy = new X509ChainPolicy ((X509CertificateCollection)(object)certs);
 
 #if !MOBILE
 			chain.ChainPolicy.RevocationMode = revocation_mode;
 #endif
 
-			for (int i = 1; i < certs.Count; i++) {
-				chain.ChainPolicy.ExtraStore.Add (certs [i]);
-			}
-
 			return chain;
 		}
 

mcs/class/System/System.Net.Sockets/Socket.cs.REMOVED.git-id

@@ -1 +1 @@
-0f1c977a71d57169dc91c54c8baa329f65d18b38
+b41d204ace8747f8b745660642c23d3998baf913

mcs/class/System/System.Net/ServicePointManager.extra.cs

@@ -12,12 +12,20 @@ using System.Collections.Generic;
 
 namespace System.Net {
 
+	/*
+	 * The idea behind this API was to let the application filter the set of cipher suites received / send to
+	 * the remote side.  This concept does not any longer work with the new native implementations.
+	 */
+
+	[Obsolete ("This API is no longer supported.")]
 	public delegate IEnumerable<string> CipherSuitesCallback (SecurityProtocolType protocol, IEnumerable<string> allCiphers);
 
 	public partial class ServicePointManager {
 
+		[Obsolete ("This API is no longer supported.", true)]
 		public static CipherSuitesCallback ClientCipherSuitesCallback { get; set; }
 
+		[Obsolete ("This API is no longer supported.", true)]
 		public static CipherSuitesCallback ServerCipherSuitesCallback { get; set; }
 	}
-}
+}

mcs/class/System/System.Security.Cryptography.X509Certificates/OSX509Certificates.cs

@@ -154,7 +154,8 @@ namespace System.Security.Cryptography.X509Certificates {
 
 				certArray = FromIntPtrs (secCerts);
 
-				host = CFStringCreateWithCharacters (IntPtr.Zero, hostName, (IntPtr) hostName.Length);
+				if (!string.IsNullOrEmpty (hostName))
+					host = CFStringCreateWithCharacters (IntPtr.Zero, hostName, (IntPtr) hostName.Length);
 				sslsecpolicy = SecPolicyCreateSSL (true, host);
 
 				int code = SecTrustCreateWithCertificates (certArray, sslsecpolicy, out sectrust);

mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs

@@ -35,7 +35,8 @@ namespace System.Security.Cryptography.X509Certificates {
 
 		private OidCollection apps;
 		private OidCollection cert;
-		private X509Certificate2Collection store;
+		private X509CertificateCollection store;
+		private X509Certificate2Collection store2;
 		private X509RevocationFlag rflag;
 		private X509RevocationMode mode;
 		private TimeSpan timeout;
@@ -49,6 +50,24 @@ namespace System.Security.Cryptography.X509Certificates {
 			Reset ();
 		}
 
+		/*
+		 * Lazy-init ExtraStore from X509CertificateCollection.
+		 * This is called from Mono.Net.Security.SystemCertificateValidator.CreateX509Chain.
+		 *
+		 * AppleTLS supports a lazily-initialized X509Certificate, but not X509Certificate2 so
+		 * we need to fall-back to using Mono.Security.X509 whenever we need an X509Certificate2.
+		 * To avoid unnecessary fallbacks, the private Mono.Net.Security APIs use X509Certificate
+		 * instead of X509Certificate2.
+		 *
+		 * Since 'ExtraStore' returns X509Certificate2Collection, we need to convert these to
+		 * X509Certificate2.
+		 */
+		internal X509ChainPolicy (X509CertificateCollection store)
+		{
+			this.store = store;
+			Reset ();
+		}
+
 		// properties
 
 		public OidCollection ApplicationPolicy {
@@ -60,7 +79,18 @@ namespace System.Security.Cryptography.X509Certificates {
 		}
 
 		public X509Certificate2Collection ExtraStore {
-			get { return store; }
+			get {
+				if (store2 != null)
+					return store2;
+
+				store2 = new X509Certificate2Collection ();
+				if (store != null) {
+					foreach (var cert in store) {
+						store2.Add (new X509Certificate2 (cert));
+					}
+				}
+				return store2;
+			}
 		}
 
 		public X509RevocationFlag RevocationFlag {
@@ -106,7 +136,7 @@ namespace System.Security.Cryptography.X509Certificates {
 		{
 			apps = new OidCollection ();
 			cert = new OidCollection ();
-			store = new X509Certificate2Collection ();
+			store2 = null;
 			rflag = X509RevocationFlag.ExcludeRoot;
 			mode = X509RevocationMode.Online;
 			timeout = TimeSpan.Zero;

mcs/class/System/System_test.dll.sources

@@ -247,6 +247,7 @@ System.Net.Sockets/MulticastOptionTest.cs
 System.Net.Sockets/NetworkStreamTest.cs
 System.Net.Sockets/TcpClientTest.cs
 System.Net.Sockets/TcpListenerTest.cs
+System.Net.Sockets/SocketAcceptAsyncTest.cs
 System.Net.Sockets/SocketTest.cs
 System.Net.Sockets/SocketAsyncEventArgsTest.cs
 System.Net.Sockets/SocketConnectAsyncTest.cs

mcs/class/System/Test/System.Net.Security/SslStreamTest.cs

@@ -93,80 +93,6 @@ public class SslStreamTest {
 		}
 	}
 
-	[Test]
-	public void ClientCipherSuitesCallback ()
-	{
-		try {
-			ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-				return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA" };
-			};
-			// client will only offers AES 128 - that's fine since the server support it (and many more ciphers)
-			AuthenticateClientAndServer_ClientSendsNoData ();
-		}
-		finally {
-			ServicePointManager.ClientCipherSuitesCallback = null;
-		}
-	}
-
-	[Test]
-	public void ServerCipherSuitesCallback ()
-	{
-		try {
-			ServicePointManager.ServerCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-					return new List<string> { prefix + "RSA_WITH_AES_256_CBC_SHA" };
-			};
-			// server only accept AES 256 - that's fine since the client support it (and many more ciphers)
-			AuthenticateClientAndServer_ClientSendsNoData ();
-		}
-		finally {
-			ServicePointManager.ServerCipherSuitesCallback = null;
-		}
-	}
-
-	[Test]
-	public void CipherSuitesCallbacks ()
-	{
-		try {
-			ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-				return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA", prefix + "RSA_WITH_AES_256_CBC_SHA" };
-			};
-			ServicePointManager.ServerCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-				return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA", prefix + "RSA_WITH_AES_256_CBC_SHA" };
-			};
-			// both client and server supports AES (128 and 256) - server will select 128 (first choice)
-			AuthenticateClientAndServer_ClientSendsNoData ();
-		}
-		finally {
-			ServicePointManager.ClientCipherSuitesCallback = null;
-			ServicePointManager.ServerCipherSuitesCallback = null;
-		}
-	}
-
-	[Test]
-	public void MismatchedCipherSuites ()
-	{
-		try {
-			ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-				return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA" };
-			};
-			ServicePointManager.ServerCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
-				string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
-				return new List<string> { prefix + "RSA_WITH_AES_256_CBC_SHA" };
-			};
-			// mismatch! server will refuse and send back an alert
-			AuthenticateClientAndServer (false, false);
-		}
-		finally {
-			ServicePointManager.ClientCipherSuitesCallback = null;
-			ServicePointManager.ServerCipherSuitesCallback = null;
-		}
-	}
-
 	private void StartClientAndAuthenticate (ClientServerState state, 
 						 IPEndPoint endPoint) {
 		try {

mcs/class/System/Test/System.Net.Sockets/SocketAcceptAsyncTest.cs

@@ -0,0 +1,60 @@
+using System.Threading;
+using System.Net;
+using System.Net.Sockets;
+using NUnit.Framework;
+
+namespace MonoTests.System.Net.Sockets
+{
+	[TestFixture]
+	public class SocketAcceptAsyncTest
+	{
+		[Test]
+		public void AcceptAsyncShouldUseAcceptSocketFromEventArgs()
+		{
+			var readyEvent = new ManualResetEvent(false);
+			var mainEvent = new ManualResetEvent(false);
+			var listenSocket = new Socket(
+				AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+			var serverSocket = new Socket(
+					AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+			Socket acceptedSocket = null;
+
+			ThreadPool.QueueUserWorkItem(_ =>
+			{
+				listenSocket.Bind(new IPEndPoint(IPAddress.Loopback, 0));
+				listenSocket.Listen(1);
+
+				var asyncEventArgs = new SocketAsyncEventArgs {AcceptSocket = serverSocket};
+				asyncEventArgs.Completed += (s, e) =>
+				{
+					acceptedSocket = e.AcceptSocket;
+					mainEvent.Set();
+				};
+
+				readyEvent.Set();
+
+				if (listenSocket.AcceptAsync(asyncEventArgs))
+					return;
+				acceptedSocket = asyncEventArgs.AcceptSocket;
+				mainEvent.Set();
+			});
+			Assert.IsTrue(readyEvent.WaitOne(1500));
+
+			var clientSocket = new Socket(
+				AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+			clientSocket.Connect(listenSocket.LocalEndPoint);
+			clientSocket.NoDelay = true;
+
+			Assert.IsTrue(mainEvent.WaitOne(1500));
+			Assert.AreEqual(serverSocket, acceptedSocket);
+			mainEvent.Reset();
+
+			if (acceptedSocket != null)
+				acceptedSocket.Close();
+
+			listenSocket.Close();
+			readyEvent.Close();
+			mainEvent.Close();
+		}
+	}
+}

mcs/class/System/Test/System.Net/DnsTest.cs

@@ -7,13 +7,6 @@
 // (C) 2001 Mads Pultz
 // (C) 2003 Martin Willemoes Hansen
 // 
-// This test assumes the following:
-// 1) The following Internet sites exist:
-//        www.go-mono.com with IP address 64.14.94.188
-//        info.diku.dk with IP address 130.225.96.4
-// 2) The following DNS name does not exist:
-//        www.hopefullydoesnotexist.dk
-//
 
 using System;
 using System.Collections;
@@ -28,12 +21,12 @@ namespace MonoTests.System.Net
 	[TestFixture]
 	public class DnsTest
 	{
-		private String site1Name = "jenkins.mono-project.com",
-			site1Dot = "162.253.133.196",
-			site2Name = "info.diku.dk",
-			site2Dot = "130.225.96.4",
+		private String site1Name = "google-public-dns-a.google.com",
+			site1Dot = "8.8.8.8",
+			site2Name = "google-public-dns-b.google.com",
+			site2Dot = "8.8.4.4",
 			noneExistingSite = "unlikely.xamarin.com";
-		private uint site1IP = 1852407392, site2IP = 2195808260; // Big-Endian
+		private uint site1IP = 134744072, site2IP = 134743044; // Big-Endian
 
 		[Test]
 		public void AsyncGetHostByName ()
@@ -44,7 +37,7 @@ namespace MonoTests.System.Net
 			IAsyncResult async = Dns.BeginGetHostByName (site1Name, null, null);
 			IPHostEntry entry = Dns.EndGetHostByName (async);
 			SubTestValidIPHostEntry (entry);
-			Assert.IsTrue (entry.HostName == "jenkins.mono-project.com");
+			Assert.IsTrue (entry.HostName == "google-public-dns-a.google.com");
 		}
 
 		void GetHostByNameCallback (IAsyncResult ar)
@@ -189,7 +182,7 @@ namespace MonoTests.System.Net
 		[Test]
 		public void GetHostByName ()
 		{
-			SubTestGetHostByName ("jenkins.mono-project.com", site1Dot);
+			SubTestGetHostByName (site1Name, site1Dot);
 			SubTestGetHostByName (site2Name, site2Dot);
 			try {
 				var entry = Dns.GetHostByName (noneExistingSite);