Author: spouliot
Date: 2005-06-14 13:44:44 -0400 (Tue, 14 Jun 2005)
New Revision: 45983

Modified:
   trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog
   trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
Log:
2005-06-14  Sebastien Pouliot  <[EMAIL PROTECTED]>

        * SslClientStream.cs: Add support for _optional_ mutual authentication.
        SSL3 and TLS1 deal differently with this. SSL3 tested with OpenSSL,
        TLS1 tested with OpenSSL and LDAPS/AD.



Modified: trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog
===================================================================
--- trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog  
2005-06-14 17:44:16 UTC (rev 45982)
+++ trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog  
2005-06-14 17:44:44 UTC (rev 45983)
@@ -1,3 +1,9 @@
+2005-06-14  Sebastien Pouliot  <[EMAIL PROTECTED]>
+
+       * SslClientStream.cs: Add support for _optional_ mutual authentication.
+       SSL3 and TLS1 deals differently with this. SSL3 tested with OpenSSL,
+       TSL1 tested with OpenSSL and LDAPS/AD.
+
 2005-06-06  Sebastien Pouliot  <[EMAIL PROTECTED]>
 
        * Alert.cs: Add NoCertificate (41) which _should_ be used in SSL3

Modified: 
trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
===================================================================
--- trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs 
2005-06-14 17:44:16 UTC (rev 45982)
+++ trunk/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs 
2005-06-14 17:44:44 UTC (rev 45983)
@@ -808,8 +808,21 @@
                                }
 
                                // Send client certificate if requested
-                               if 
(this.context.ServerSettings.CertificateRequest)
+                               // even if the server ask for it it _may_ still 
be optional
+                               bool clientCertificate = 
this.context.ServerSettings.CertificateRequest;
+
+                               // NOTE: sadly SSL3 and TLS1 differs in how 
they handle this and
+                               // the current design doesn't allow a very cute 
way to handle 
+                               // SSL3 alert warning for NoCertificate (41).
+                               if (this.context.SecurityProtocol == 
SecurityProtocolType.Ssl3)
                                {
+                                       clientCertificate = 
((this.context.ClientSettings.Certificates != null) &&
+                                               
(this.context.ClientSettings.Certificates.Count > 0));
+                                       // this works well with OpenSSL (but 
only for SSL3)
+                               }
+
+                               if (clientCertificate)
+                               {
                                        
this.protocol.SendRecord(HandshakeType.Certificate);
                                }
 
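Review bot: In the Ssl3 branch `clientCertificate` is overwritten from `ClientSettings.Certificates` alone, so the `ServerSettings.CertificateRequest` value read a few lines above is discarded and a client that merely has certificates configured will send a Certificate handshake message even when the server never requested one; a conforming peer is likely to treat that as an unexpected message and abort the handshake. The assignment should narrow the flag rather than replace it: `clientCertificate = clientCertificate && (this.context.ClientSettings.Certificates != null) && (this.context.ClientSettings.Certificates.Count > 0);`. The NOTE comment would also be clearer if it said what the skip stands in for, e.g. `// SSL3 expects a no_certificate (41) warning alert when no cert is available; we cannot emit it here, so the Certificate message is simply omitted`. The enclosing method starts before this hunk and continues after it.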
@@ -819,8 +832,8 @@
                                // Now initialize session cipher with the 
generated keys
                                this.context.Cipher.InitializeCipher();
 
-                               // Send certificate verify if requested
-                               if 
(this.context.ServerSettings.CertificateRequest)
+                               // Send certificate verify if requested 
(optional)
+                               if (clientCertificate && 
(this.context.ClientSettings.ClientCertificate != null))
                                {
                                        
this.protocol.SendRecord(HandshakeType.CertificateVerify);
                                }
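Review bot: The CertificateVerify decision keys on `ClientSettings.ClientCertificate` being non-null, while the SSL3 Certificate decision in the previous hunk keys on `ClientSettings.Certificates.Count > 0`; if those two can disagree — a non-empty Certificates list but a null ClientCertificate — the client would send a certificate and then omit the CertificateVerify that a signing-capable certificate requires, and the server would reject the handshake. I cannot see from this hunk how ClientCertificate is populated, so the two may be kept consistent elsewhere; if they are not, both messages should be gated on the same predicate, e.g. compute `bool sendCertVerify = clientCertificate && (this.context.ClientSettings.ClientCertificate != null);` next to `clientCertificate` and use it here. A short comment naming which member reflects the certificate actually sent would save the next reader the same question. The enclosing method starts and ends outside this hunk.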
