author | Jeremy Barton <jbarton@microsoft.com> | 2017-03-02 01:45:41 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-02 01:45:41 +0300 |
commit | 3b19899963606a34e1623e0926b90fe907197ee6 (patch) | |
tree | c28d79730022f67c50c92fb60ed0c95cf5e15827 /src/System.Security.Cryptography.Encoding | |
parent | 7bce72ca1a50080d76d45cc2591793510e511851 (diff) |
Initial implementation of X509Certificates, HttpClient, and SslStream for macOS (#16445)
Broken by this change:
* A lot of TLS CipherSuites have no metadata defined.
* macOS does not support version skipping in TLS. So `Tls | Tls12` is an invalid choice.
In this change:
General:
* All OSStatus related exceptions now look up the error message.
X509Certificates:
* X509Certificate moves to using SecCertificateRef from OpenSSL's X509.
* X509 metadata comes from a managed reader after being loaded by Security.framework,
due to the significant amount of data that has no public export in Apple's libraries.
* Significant code was factored out to be shared by OpenSSL and Apple implementations for X500DistinguishedName and X509Certificate2Collection.Find.
* Loading a PFX (or, rather, the private keys from a PFX) via Apple's platform
requires importing into a Keychain, and a Keychain requires a file on disk.
A temporary keychain is created during cert loading and erased when safe.
Like the perphemeral key load on Windows this can leak files due to
abnormal program termination.
* The X.509 My stores for CurrentUser and LocalMachine are the default (user) and System keychains.
* The X.509 Root store is an interpretation of the Apple SecTrustSettings data.
* The X.509 Disallowed store hasn't been implemented yet, but should be a very small change.
* Other X.509 stores cannot be created due to keychain complexity.
HttpClient:
* Initialization no longer wakes up OpenSSL
SslStream:
* New implementation based on Apple SecureTransport.
* Currently has support for SNI (for AuthenticateAsClient)
Diffstat (limited to 'src/System.Security.Cryptography.Encoding')
3 files changed, 8 insertions, 1 deletions
diff --git a/src/System.Security.Cryptography.Encoding/src/Resources/Strings.resx b/src/System.Security.Cryptography.Encoding/src/Resources/Strings.resx index c0d44d9639..1dea5f48ce 100644 --- a/src/System.Security.Cryptography.Encoding/src/Resources/Strings.resx +++ b/src/System.Security.Cryptography.Encoding/src/Resources/Strings.resx @@ -141,7 +141,10 @@ <data name="Argument_InvalidValue" xml:space="preserve"> <value>Value was invalid.</value> </data> + <data name="Cryptography_Der_Invalid_Encoding" xml:space="preserve"> + <value>ASN1 corrupted data.</value> + </data> <data name="ObjectDisposed_Generic" xml:space="preserve"> <value>Cannot access a disposed object.</value> </data> -</root>
\ No newline at end of file +</root> diff --git a/src/System.Security.Cryptography.Encoding/src/System.Security.Cryptography.Encoding.csproj b/src/System.Security.Cryptography.Encoding/src/System.Security.Cryptography.Encoding.csproj index cd64025731..dbe3c951c3 100644 --- a/src/System.Security.Cryptography.Encoding/src/System.Security.Cryptography.Encoding.csproj +++ b/src/System.Security.Cryptography.Encoding/src/System.Security.Cryptography.Encoding.csproj @@ -109,6 +109,7 @@ </ItemGroup> <ItemGroup Condition=" '$(TargetsOSX)' == 'true' "> <Reference Include="System.Runtime.Numerics" /> + <Reference Include="System.Threading" /> </ItemGroup> <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.targets))\dir.targets" /> </Project> diff --git a/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx b/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx index cf65dfdce6..64ec3dd8f4 100644 --- a/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx +++ b/src/System.Security.Cryptography.Encoding/tests/Resources/Strings.resx @@ -120,6 +120,9 @@ <data name="Argument_InvalidOidValue" xml:space="preserve"> <value>The OID value was invalid.</value> </data> + <data name="Cryptography_Der_Invalid_Encoding" xml:space="preserve"> + <value>ASN1 corrupted data.</value> + </data> <data name="Cryptography_Invalid_IA5String" xml:space="preserve"> <value>The string contains a character not in the 7 bit ASCII character set.</value> </data> |
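Review bot: In src/Resources/Strings.resx, the new `Cryptography_Der_Invalid_Encoding` entry has the value "ASN1 corrupted data.", which is not a sentence and spells the standard as "ASN1" while the key name refers to DER. Suggest a value such as "The ASN.1 data is corrupted." or one that mentions DER, so the text matches the key and reads like the neighbouring messages ("Value was invalid.", "Cannot access a disposed object."). The `</root>` change at the end of the same hunk only adds the missing end-of-file newline; that is fine, but it is unrelated to the feature and worth a word in the commit message.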
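Review bot: In System.Security.Cryptography.Encoding.csproj, the added `<Reference Include="System.Threading" />` under the `'$(TargetsOSX)' == 'true'` ItemGroup has no visible consumer: the diffstat for this directory lists only the two .resx files and this project file, so whatever needs the reference is compiled in from elsewhere. Please add an XML comment next to the reference, or a line in the commit message, naming the source file that requires it, so the reference can be removed when that code moves and so it is clear why only the macOS build needs it.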
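Review bot: In tests/Resources/Strings.resx, the `Cryptography_Der_Invalid_Encoding` entry is a second copy of the string added to src/Resources/Strings.resx in the same commit, and nothing in the visible lines keeps the two in sync. If the test project needs its own copy (presumably because it compiles shared source that references this key, which is an assumption the diff does not confirm), say so in a comment or the commit message; otherwise drop the duplicate so that a later wording fix in src does not leave the tests copy stale.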