Imported Upstream version 5.4.0.199

Former-commit-id: f4d318e4b2f128fa9f4d31b37bb3839a3fc0dfb2

mcs/class/System/Mono.AppleTls/AppleCertificateHelper.cs

@@ -133,28 +133,28 @@ namespace Mono.AppleTls
 					targetHost = targetHost.Substring (0, pos);
 			}
 
-			var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost);
-			var trust = new SecTrust (certificates, policy);
+			using (var policy = SecPolicy.CreateSslPolicy (!serverMode, targetHost))
+			using (var trust = new SecTrust (certificates, policy)) {
+				if (validator.Settings.TrustAnchors != null) {
+					var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors);
+					if (status != SecStatusCode.Success)
+						throw new InvalidOperationException (status.ToString ());
+					trust.SetAnchorCertificatesOnly (false);
+				}
 
-			if (validator.Settings.TrustAnchors != null) {
-				var status = trust.SetAnchorCertificates (validator.Settings.TrustAnchors);
-				if (status != SecStatusCode.Success)
-					throw new InvalidOperationException (status.ToString ());
-				trust.SetAnchorCertificatesOnly (false);
+				if (validator.Settings.CertificateValidationTime != null) {
+					var status = trust.SetVerifyDate (validator.Settings.CertificateValidationTime.Value);
+					if (status != SecStatusCode.Success)
+						throw new InvalidOperationException (status.ToString ());
+				}
+
+				var result = trust.Evaluate ();
+				if (result == SecTrustResult.Unspecified)
+					return true;
+
+				errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
+				return false;
 			}
-
-			if (validator.Settings.CertificateValidationTime != null) {
-				var status = trust.SetVerifyDate (validator.Settings.CertificateValidationTime.Value);
-				if (status != SecStatusCode.Success)
-					throw new InvalidOperationException (status.ToString ());
-			}
-
-			var result = trust.Evaluate ();
-			if (result == SecTrustResult.Unspecified)
-				return true;
-
-			errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
-			return false;
 		}
 	}
 }

mcs/class/System/Mono.AppleTls/AppleTlsContext.cs

@@ -235,32 +235,41 @@ namespace Mono.AppleTls
 			 * 
 			 */
 
-			var trust = GetPeerTrust (!IsServer);
-			X509CertificateCollection certificates;
-
-			if (trust == null || trust.Count == 0) {
-				remoteCertificate = null;
-				if (!IsServer)
-					throw new TlsException (AlertDescription.CertificateUnknown);
-				certificates = null;
-			} else {
-				if (trust.Count > 1)
-					Debug ("WARNING: Got multiple certificates in SecTrust!");
-
-				certificates = new X509CertificateCollection ();
-				for (int i = 0; i < trust.Count; i++)
-					certificates.Add (trust [(IntPtr)i].ToX509Certificate ());
-
-				remoteCertificate = certificates [0];
-				Debug ("Got peer trust: {0}", remoteCertificate);
-			}
-
 			bool ok;
+			SecTrust trust = null;
+			X509CertificateCollection certificates = null;
+
 			try {
+				trust = GetPeerTrust (!IsServer);
+
+				if (trust == null || trust.Count == 0) {
+					remoteCertificate = null;
+					if (!IsServer)
+						throw new TlsException (AlertDescription.CertificateUnknown);
+					certificates = null;
+				} else {
+					if (trust.Count > 1)
+						Debug ("WARNING: Got multiple certificates in SecTrust!");
+
+					certificates = new X509CertificateCollection ();
+					for (int i = 0; i < trust.Count; i++)
+						certificates.Add (trust.GetCertificate (i));
+
+					remoteCertificate = new X509Certificate (certificates [0]);
+					Debug ("Got peer trust: {0}", remoteCertificate);
+				}
+
 				ok = ValidateCertificate (certificates);
 			} catch (Exception ex) {
 				Debug ("Certificate validation failed: {0}", ex);
 				throw new TlsException (AlertDescription.CertificateUnknown, "Certificate validation threw exception.");
+			} finally {
+				if (trust != null)
+					trust.Dispose ();
+				if (certificates != null) {
+					for (int i = 0; i < certificates.Count; i++)
+						certificates [i].Dispose ();
+				}
 			}
 
 			if (!ok)
@@ -665,7 +674,7 @@ namespace Mono.AppleTls
 				if (value == IntPtr.Zero)
 					throw new TlsException (AlertDescription.CertificateUnknown);
 			}
-			return (value == IntPtr.Zero) ? null : new SecTrust (value);
+			return (value == IntPtr.Zero) ? null : new SecTrust (value, true);
 		}
 
 		#endregion

mcs/class/System/Mono.AppleTls/Trust.cs

@@ -66,6 +66,8 @@ namespace Mono.AppleTls {
 			foreach (var certificate in certificates)
 				array [i++] = new SecCertificate (certificate);
 			Initialize (array, policy);
+			for (i = 0; i < array.Length; i++)
+				array [i].Dispose ();
 		}
 
 		void Initialize (SecCertificate[] array, SecPolicy policy)
@@ -122,6 +124,17 @@ namespace Mono.AppleTls {
 			}
 		}
 
+		internal X509Certificate GetCertificate (int index)
+		{
+			if (handle == IntPtr.Zero)
+				throw new ObjectDisposedException ("SecTrust");
+			if (index < 0 || index >= Count)
+				throw new ArgumentOutOfRangeException ("index");
+
+			var ptr = SecTrustGetCertificateAtIndex (handle, (IntPtr)index);
+			return new X509Certificate (ptr);
+		}
+
 		[DllImport (AppleTlsContext.SecurityLibrary)]
 		extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr /* CFArrayRef */ anchorCertificates);
 

mcs/class/System/ReferenceSources/Win32Exception.cs.REMOVED.git-id

@@ -1 +1 @@
-fe514b868d2ddd7479dee6238a5848350be33611
+83404914b3bd686a8fb10da985249e69631c4de7

mcs/class/System/System.Net/WebConnection.cs

@@ -56,7 +56,6 @@ namespace System.Net
 		object socketLock = new object ();
 		IWebConnectionState state;
 		WebExceptionStatus status;
-		WaitCallback initConn;
 		bool keepAlive;
 		byte [] buffer;
 		EventHandler abortHandler;