Imported Upstream version 4.4.0.122

Former-commit-id: a99f46acaeba3ab496c7afc02c29b839e30a0d0b
Xamarin Public Jenkins
2016-04-12 13:19:31 -04:00
parent a632333cc7
commit d444f0caa4
118 changed files with 4121 additions and 1632 deletions


@@ -74,7 +74,7 @@ namespace Mono.Net.Security
{
internal delegate bool ServerCertValidationCallbackWrapper (ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors);
internal class ChainValidationHelper : ICertificateValidator
internal class ChainValidationHelper : ICertificateValidator2
{
readonly object sender;
readonly MonoTlsSettings settings;
@@ -228,7 +228,7 @@ namespace Mono.Net.Security
var certs = new XX509CertificateCollection ();
certs.Add (new X509Certificate2 (certificate.GetRawCertData ()));
var result = ValidateChain (string.Empty, true, certs, (SslPolicyErrors)errors);
var result = ValidateChain (string.Empty, true, certificate, null, certs, (SslPolicyErrors)errors);
if (result == null)
return false;
@@ -238,7 +238,12 @@ namespace Mono.Net.Security
public ValidationResult ValidateCertificate (string host, bool serverMode, XX509CertificateCollection certs)
{
try {
var result = ValidateChain (host, serverMode, certs, 0);
X509Certificate leaf;
if (certs != null && certs.Count != 0)
leaf = certs [0];
else
leaf = null;
var result = ValidateChain (host, serverMode, leaf, null, certs, 0);
if (tlsStream != null)
tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
return result;
@@ -249,7 +254,43 @@ namespace Mono.Net.Security
}
}
ValidationResult ValidateChain (string host, bool server, XX509CertificateCollection certs, SslPolicyErrors errors)
public ValidationResult ValidateCertificate (string host, bool serverMode, X509Certificate leaf, XX509Chain xchain)
{
try {
var chain = (X509Chain)(object)xchain;
var result = ValidateChain (host, serverMode, leaf, chain, null, 0);
if (tlsStream != null)
tlsStream.CertificateValidationFailed = result == null || !result.Trusted || result.UserDenied;
return result;
} catch {
if (tlsStream != null)
tlsStream.CertificateValidationFailed = true;
throw;
}
}
ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
X509Chain chain, XX509CertificateCollection certs,
SslPolicyErrors errors)
{
var oldChain = chain;
var ownsChain = chain == null;
try {
var result = ValidateChain (host, server, leaf, ref chain, certs, errors);
if (chain != oldChain)
ownsChain = true;
return result;
} finally {
// If ValidateChain() changed the chain, then we need to free it.
if (ownsChain && chain != null)
chain.Dispose ();
}
}
ValidationResult ValidateChain (string host, bool server, X509Certificate leaf,
ref X509Chain chain, XX509CertificateCollection certs,
SslPolicyErrors errors)
{
// user_denied is true if the user callback is called and returns false
bool user_denied = false;
@@ -257,12 +298,6 @@ namespace Mono.Net.Security
var hasCallback = certValidationCallback != null || callbackWrapper != null;
X509Certificate leaf;
if (certs == null || certs.Count == 0)
leaf = null;
else
leaf = certs [0];
if (tlsStream != null)
request.ServicePoint.UpdateServerCertificate (leaf);
@@ -281,7 +316,6 @@ namespace Mono.Net.Security
ICertificatePolicy policy = ServicePointManager.GetLegacyCertificatePolicy ();
int status11 = 0; // Error code passed to the obsolete ICertificatePolicy callback
X509Chain chain = null;
bool wantsChain = SystemCertificateValidator.NeedsChain (settings);
if (!wantsChain && hasCallback) {
@@ -289,18 +323,15 @@ namespace Mono.Net.Security
wantsChain = true;
}
if (wantsChain)
chain = SystemCertificateValidator.CreateX509Chain (certs);
if (wantsChain || SystemCertificateValidator.NeedsChain (settings))
SystemCertificateValidator.BuildX509Chain (certs, chain, ref errors, ref status11);
bool providerValidated = false;
if (provider != null && provider.HasCustomSystemCertificateValidator) {
var xerrors = (MonoSslPolicyErrors)errors;
var xchain = (XX509Chain)(object)chain;
providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, xchain, out result, ref xerrors, ref status11);
providerValidated = provider.InvokeSystemCertificateValidator (this, host, server, certs, wantsChain, ref xchain, out result, ref xerrors, ref status11);
chain = (X509Chain)(object)xchain;
errors = (SslPolicyErrors)xerrors;
} else if (wantsChain) {
chain = SystemCertificateValidator.CreateX509Chain (certs);
}
if (!providerValidated)
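Review bot: The `} else if (wantsChain) {` / `chain = SystemCertificateValidator.CreateX509Chain (certs);` branch in the last hunk overwrites whatever arrived through the `ref X509Chain chain` parameter, and the new `ValidateCertificate (host, serverMode, leaf, xchain)` overload reaches this method with `certs` set to null, so on the non-provider path a caller-supplied chain appears to be discarded and rebuilt from a null collection; that hunk runs past the end of the page, so a later guard may exist that I cannot see. Conditioning the rebuild on the chain actually being absent, `} else if (wantsChain && chain == null) {`, keeps the caller's chain, and the `ownsChain` bookkeeping in the non-ref wrapper already copes with both outcomes. The ref overload should state that contract in a doc comment, e.g. `/// <param name="chain">Caller-supplied chain, or null to have one built from <paramref name="certs"/>; may be replaced during validation, in which case the replacement belongs to the caller of this overload.</param>`. As a style point, the `leaf` selection in `ValidateCertificate (host, serverMode, certs)` reads better as one conditional, `var leaf = certs != null && certs.Count != 0 ? certs [0] : null;`.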


@@ -69,7 +69,7 @@ namespace Mono.Net.Security
return currentProvider;
try {
defaultProvider = CreateDefaultProvider ();
defaultProvider = GetDefaultProviderInternal ();
} catch (Exception ex) {
throw new NotSupportedException ("TLS Support not available.", ex);
}
@@ -174,6 +174,8 @@ namespace Mono.Net.Security
providerRegistration = new Dictionary<string,string> ();
providerRegistration.Add ("newtls", "Mono.Security.Providers.NewTls.NewTlsProvider, Mono.Security.Providers.NewTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
providerRegistration.Add ("oldtls", "Mono.Security.Providers.OldTls.OldTlsProvider, Mono.Security.Providers.OldTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756");
providerRegistration.Add ("boringtls", "Xamarin.BoringTls.BoringTlsProvider, Xamarin.BoringTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=672c06b0b8f05406");
X509Helper2.Initialize ();
}
}


@@ -86,13 +86,13 @@ namespace Mono.Net.Security
return chain;
}
public static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
{
#if MOBILE
return true;
return false;
#else
if (is_macosx)
return true;
return false;
var leaf = (X509Certificate2)certs [0];
@@ -121,7 +121,9 @@ namespace Mono.Net.Security
static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
{
#if !MONOTOUCH
var leaf = (X509Certificate2)certs[0];
var leaf = certs[0] as X509Certificate2;
if (leaf == null)
leaf = new X509Certificate2 (certs[0]);
// for OSX and iOS we're using the native API to check for the SSL server policy and host names
if (!is_macosx) {
if (!CheckCertificateUsage (leaf)) {
@@ -130,7 +132,7 @@ namespace Mono.Net.Security
return false;
}
if (host != null && !CheckServerIdentity (leaf, host)) {
if (!string.IsNullOrEmpty (host) && !CheckServerIdentity (leaf, host)) {
errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F
return false;
@@ -143,7 +145,7 @@ namespace Mono.Net.Security
static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
{
var leaf = certs [0];
var result = false;
bool result;
#if MONODROID
result = AndroidPlatform.TrustEvaluateSsl (certs);
@@ -166,6 +168,8 @@ namespace Mono.Net.Security
result = (trustResult == OSX509Certificates.SecTrustResult.Proceed ||
trustResult == OSX509Certificates.SecTrustResult.Unspecified);
} catch {
result = false;
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
// Ignore
}
@@ -178,6 +182,8 @@ namespace Mono.Net.Security
status11 = (int)trustResult;
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
} else {
result = BuildX509Chain (certs, chain, ref errors, ref status11);
}
#endif
@@ -203,6 +209,8 @@ namespace Mono.Net.Security
#if MOBILE
return false;
#else
if (!is_macosx)
return true;
if (!CertificateValidationHelper.SupportsX509Chain)
return false;
if (settings != null)
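Review bot: An empty host now bypasses `CheckServerIdentity` entirely in `CheckUsage`, because the guard became `!string.IsNullOrEmpty (host)` rather than `host != null`; that appears intentional, since `ChainValidationHelper` passes `string.Empty` on its certificate-only path, but nothing in the code says so and a later reader could tighten it back or, worse, rely on it for a real connection. A comment on that line would pin the contract, e.g. `// Empty host means the caller did not request a name check (certificate-only validation); null and empty are both skipped on purpose.` In `EvaluateSystem`, the `// Ignore` comment inside the `catch` is stale now that the handler assigns `result = false` and sets `RemoteCertificateChainErrors`; `// Native trust evaluation threw: treat as untrusted and report chain errors.` describes what the block does. Both `CheckUsage` and `EvaluateSystem` continue past the lines visible in their hunks.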