diff options
| author | Jeremy Barton <jbarton@microsoft.com> | 2017-03-02 01:45:41 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-03-02 01:45:41 +0300 |
| commit | 3b19899963606a34e1623e0926b90fe907197ee6 (patch) | |
| tree | c28d79730022f67c50c92fb60ed0c95cf5e15827 /src/System.Security.Cryptography.Encoding/tests | |
| parent | 7bce72ca1a50080d76d45cc2591793510e511851 (diff) | |
Initial implementation of X509Certificates, HttpClient, and SslStream for macOS (#16445)
Broken by this change:
* A lot of TLS CipherSuites have no metadata defined.
* macOS does not support version skipping in TLS. So `Tls | Tls12` is an invalid choice.
In this change:
General:
* All OSStatus related exceptions now look up the error message.
X509Certificates:
* X509Certificate moves to using SecCertificateRef from OpenSSL's X509.
* X509 metadata comes from a managed reader after being loaded by Security.framework,
due to the significant amount of data that has no public export in Apple's libraries.
* Significant code was factored out to be shared by OpenSSL and Apple implementations for X500DistinguishedName and X509Certficate2Collection.Find.
* Loading a PFX (or, rather, the private keys from a PFX) via Apple's platform
requires importing into a Keychain, and a Keychain requires a file on disk.
A temporary keychain is created during cert loading and erased when safe.
Like the perphemeral key load on Windows this can leak files due to
abnormal program termination.
* The X.509 My store for CurrentUser and LocalMachine are the default (user) and System keychains.
* The X.509 Root store is an interpretation of the Apple SecTrustSettings data.
* The X.509 Disallowed store hasn't been implemented yet, but should be a very small change.
* Other X.509 stores cannot be created due to keychain complexity.
HttpClient:
* Initialization no longer wakes up OpenSSL
SslStream:
* New implementation based on Apple SecureTransport.
* Currently has support for SNI (for AuthenticateAsClient)
Diffstat (limited to 'src/System.Security.Cryptography.Encoding/tests')
| -rw-r--r-- | src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx b/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx index cf65dfdce6..64ec3dd8f4 100644 --- a/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx +++ b/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx @@ -120,6 +120,9 @@ <data name="Argument_InvalidOidValue" xml:space="preserve"> <value>The OID value was invalid.</value> </data> + <data name="Cryptography_Der_Invalid_Encoding" xml:space="preserve"> + <value>ASN1 corrupted data.</value> + </data> <data name="Cryptography_Invalid_IA5String" xml:space="preserve"> <value>The string contains a character not in the 7 bit ASCII character set.</value> </data> |