Imported Upstream version 4.3.2.467

Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
2016-02-22 11:00:01 -05:00
parent f302175246
commit f3e3aab35a
4097 changed files with 122406 additions and 82300 deletions
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HttpsClientStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HttpsClientStream.cs
@@ -39,6 +39,7 @@ namespace Mono.Security.Protocol.Tls {

 	// Note: DO NOT REUSE this class - instead use SslClientStream

+	[Obsolete ("This class is obsolete and will be removed shortly.")]
 	internal class HttpsClientStream : SslClientStream {

 		private HttpWebRequest _request;
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
@@ -597,7 +597,7 @@ namespace Mono.Security.Protocol.Tls
 			try {
 				SendAlert(alert);
 			} catch (Exception alertEx) {
-				ex = new IOException (string.Format ("Error while sending TLS Alert ({0}:{1}): {2}", alert.Level, alert.Description, ex), ex);
+				ex = new IOException (string.Format ("Error while sending TLS Alert ({0}:{1}): {2}", alert.Level, alert.Description, ex), alertEx);
 			}
 		}

--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerContext.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerContext.cs
@@ -28,6 +28,7 @@ using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;

 using Mono.Security.Protocol.Tls.Handshake;
+using Mono.Security.Interface;
 using MonoX509 = Mono.Security.X509;

 namespace Mono.Security.Protocol.Tls
@@ -83,14 +84,16 @@ namespace Mono.Security.Protocol.Tls

 			this.ServerSettings.UpdateCertificateRSA();

-			// Build the chain for the certificate and if the chain is correct, add all certificates 
-			// (except the root certificate [FIRST ONE] ... the client is supposed to know that one,
-			// otherwise the whole concept of a trusted chain doesn't work out ... 
-			MonoX509.X509Chain chain = new MonoX509.X509Chain (MonoX509.X509StoreManager.IntermediateCACertificates);
+			if (CertificateValidationHelper.SupportsX509Chain) {
+				// Build the chain for the certificate and if the chain is correct, add all certificates 
+				// (except the root certificate [FIRST ONE] ... the client is supposed to know that one,
+				// otherwise the whole concept of a trusted chain doesn't work out ... 
+				MonoX509.X509Chain chain = new MonoX509.X509Chain (MonoX509.X509StoreManager.IntermediateCACertificates);

-			if (chain.Build (cert)) {
-				for (int j = chain.Chain.Count - 1; j > 0; j--)
-					ServerSettings.Certificates.Add (chain.Chain [j]);
+				if (chain.Build (cert)) {
+					for (int j = chain.Chain.Count - 1; j > 0; j--)
+						ServerSettings.Certificates.Add (chain.Chain [j]);
+				}
 			}

 			// Add requested certificate types
@@ -98,15 +101,16 @@ namespace Mono.Security.Protocol.Tls
 			for (int j = 0; j < this.ServerSettings.CertificateTypes.Length; j++)
 				ServerSettings.CertificateTypes [j] = ClientCertificateType.RSA;

-			// Add certificate authorities
-			MonoX509.X509CertificateCollection trusted = MonoX509.X509StoreManager.TrustedRootCertificates;
-			string[] list = new string [trusted.Count];
-			int i = 0;
-			foreach (MonoX509.X509Certificate root in trusted)
-			{
-				list [i++] = root.IssuerName;
+			if (CertificateValidationHelper.SupportsX509Chain) {
+				// Add certificate authorities
+				MonoX509.X509CertificateCollection trusted = MonoX509.X509StoreManager.TrustedRootCertificates;
+				string[] list = new string [trusted.Count];
+				int i = 0;
+				foreach (MonoX509.X509Certificate root in trusted) {
+					list [i++] = root.IssuerName;
+				}
+				this.ServerSettings.DistinguisedNames = list;
 			}
-			this.ServerSettings.DistinguisedNames = list;
 		}

 		#endregion
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs
@@ -119,7 +119,8 @@ namespace Mono.Security.Protocol.Tls

 				case HandshakeType.Finished:
 					// Certificates are optional, but if provided, they should send a CertificateVerify
-					bool check = (cert == null) ? (last == HandshakeType.ClientKeyExchange) : (last == HandshakeType.CertificateVerify);
+					bool hasCert = cert != null && cert.HasCertificate;
+					bool check = hasCert ? (last == HandshakeType.CertificateVerify) : (last == HandshakeType.ClientKeyExchange);
 					// ChangeCipherSpecDone is not an handshake message (it's a content type) but still needs to be happens before finished
 					if (check && context.ChangeCipherSpecDone) {
 						context.ChangeCipherSpecDone = false;
@@ -131,7 +132,6 @@ namespace Mono.Security.Protocol.Tls
 					throw new TlsException(AlertDescription.UnexpectedMessage, String.Format(CultureInfo.CurrentUICulture,
 														 "Unknown server handshake message received ({0})", 
 														 type.ToString()));
-					break;
 			}
 			throw new TlsException (AlertDescription.HandshakeFailiure, String.Format ("Protocol error, unexpected protocol transition from {0} to {1}", last, type));
 		}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
@@ -32,6 +32,7 @@ using System.Security.Cryptography.X509Certificates;
 using System.Threading;

 using Mono.Security.Protocol.Tls.Handshake;
+using Mono.Security.Interface;

 namespace Mono.Security.Protocol.Tls
 {
@@ -46,36 +47,6 @@ namespace Mono.Security.Protocol.Tls
 		X509Certificate certificate, 
 		int[]			certificateErrors);

-#if INSIDE_SYSTEM
-	internal
-#else
-	public
-#endif
-	class ValidationResult {
-		bool trusted;
-		bool user_denied;
-		int error_code;
-
-		public ValidationResult (bool trusted, bool user_denied, int error_code)
-		{
-			this.trusted = trusted;
-			this.user_denied = user_denied;
-			this.error_code = error_code;
-		}
-
-		public bool Trusted {
-			get { return trusted; }
-		}
-
-		public bool UserDenied {
-			get { return user_denied; }
-		}
-
-		public int ErrorCode {
-			get { return error_code; }
-		}
-	}
-
 #if INSIDE_SYSTEM
 	internal
 #else
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
@@ -31,6 +31,7 @@ using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;

 using Mono.Security.Protocol.Tls.Handshake;
+using Mono.Security.Interface;

 namespace Mono.Security.Protocol.Tls
 {
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs
@@ -31,6 +31,8 @@ using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;

+using Mono.Security.Interface;
+
 namespace Mono.Security.Protocol.Tls
 {
 #if INSIDE_SYSTEM
@@ -631,15 +633,14 @@ namespace Mono.Security.Protocol.Tls
 		// record and return are the records (may be more than one) we have
 		private void InternalReadCallback(IAsyncResult result)
 		{
-			if (this.disposed)
-				return;
-
 			object[] state = (object[])result.AsyncState;
 			byte[] recbuf = (byte[])state[0];
 			InternalAsyncResult internalResult = (InternalAsyncResult)state[1];

 			try
 			{
+				this.checkDisposed();
+				
 				int n = innerStream.EndRead(result);
 				if (n > 0)
 				{
@@ -793,13 +794,11 @@ namespace Mono.Security.Protocol.Tls

 		private void InternalWriteCallback(IAsyncResult ar)
 		{
-			if (this.disposed)
-				return;
-			
 			InternalAsyncResult internalResult = (InternalAsyncResult)ar.AsyncState;

 			try
 			{
+				this.checkDisposed();
 				this.innerStream.EndWrite(ar);
 				internalResult.SetComplete();
 			}