Cleaning up SslStream, MobileAuthenticatedStream and TaskToApm. (#17393)

### Overview After the removal of the Legacy TLS Provider, we can make some cleanups and improvements to the `SslStream` class. Since both the remaining providers use the internal `MobileAuthenticatedStream` and support Task-async code, we can get rid of some of the Begin/End async logic and the the underlying `Stream` class handle it instead. This also fixes a nasty issue with some of those task objects leaking unobserved exceptions. The problem was that `SslStream.Dispose()` needs to clear out all resources, but in doing so also nulls out the `Impl` handle to the `MobileAuthenticatedStream` - so a subsequent `End*()` call will not reach it's corresponding `TaskToApm.End()` method. There are also some cleanups in the internal APIs that were only ever used internally and not intended for public consumption. ### Mono.Security.dll * `Mono.Security.Interface`: removed internal `ICertificateValidator2` interface. * `Mono.Security.Interface.IMonoSslStream`: this internal interface is only used by the web-tests, which only use it as a way to get the `SslStream` instance, so all those `Begin/End` async methods are now gone. * `Mono.Security.Interface.IMonoSslStream2`: removed another internal interface. * `Mono.Security.Interface.MonoTlsProvider`: removed some `internal abstract` methods; these have been moved into a new `Mono.Net.Security.MobileTlsProvider` inside `System.dll`. ### System.dll * `Mono.Net.Security.MobileTlsProvider`: New abstract internal base class, which received the aforementioned abstract internal methods. The naming is such to make it consistent with the already existing `MobileTlsContext` and `MobileAuthenticatedStream`. Since both `AppleTlsProvider` and `BtlsProvider` now have an abstract internal base class inside `System.dll`, they can use the `ChainValidationHelper` class directly and we can also avoid some `Mono.Security` dances like for instance that `MonoSslPolicyErrors` enum. This will also help make the code easier to read and maintainer. * `Mono.AppleTls.AppleTlsProvider` and `Mono.Btls.MonoBtlsProvider`: change base class into `MobileTlsProvider` and reflect above mentioned overload changes. * `Mono.AppleTls.AppleCertificateHelper`: use `ChainValidationHelper` as well. * `Mono.Net.Security.ChainValidationHelper`: only implement `ICertificateValidator`. The `ICertificateValidator` interface is still required because it is in use by the web-tests, but the previous `ICertificateValidator2` was an internal dance. * `Mono.Net.Security.MobileAuthenticatedStream`: largely cleaned up this class. - we now implement the current slimmer version of `IMonoSslStream`. - moved all those overloads into `SslStream` that only fill in default values for some of their arguments and then call another overloaded version of their own. - removed lots of `Begin/End` methods that are not used anymore. * `Mono.Net.Security.MonoTlsProviderFactory`: use `MobileTlsStream` everywhere. * `Mono.Net.Security.MonoTlsStream`: cleanup `SslStream` creation logic; instead of going throw `provider.CreateSslStream()`, we can now use an internal constructor directly, thus avoiding the `IMonoSslStream` interface while also making the code a lot easier to read and understand. * `System.Net.Mail.SmtpClient`: same here. * `System.Net.HttpWebRequest`: use `MobileTlsProvider`. * `System.Net.Security.SslStream`: largely cleaned up this class. - we now use `MobileAuthenticatedStream` directly instead of the `IMonoSslStream` interface and therefore could also get rid of `IMonoSslStream2`. - cleanup constructor logic to allow the internal constructor being used with a `MobileTlsProvider` instead of going through `provider.CreateSslStream()`. - all those overloads that are only filling in default values for some of their arguments before calling another overloaded version of their own now live here instead of in the `MobileAuthenticatedStream` class. The reason is to simply that `MobileAuthenticatedStream` is already quite a complex and difficult class, and removing some of that complexity out of it will make it easier to understand. - handle the `TaskToApm.Begin()` / `TaskToApm.End()` here to ensure that we are not leaking any task objects with unobserved exceptions. - removed `BeginRead()` and `BeginWrite()` overloads to let the underlying `Stream` class handle these. * Bump API snapshot submodule * [csproj] Update project files
author: Martin Baulig <mabaul@microsoft.com> 2019-10-24 20:42:54 +0300
committer: Alexander Köplinger <alex.koeplinger@outlook.com> 2019-10-24 20:42:54 +0300
commit: 1553889bc54f87060158febca7e6b8b9910975f8 (patch)
tree: b6565f378f3432404961bcb66e594cb73824feb3
parent: 638e2c6a8614d25aad591112d3414e28641b97e0 (diff)
22 files changed, 169 insertions, 347 deletions
diff --git a/external/api-snapshot b/external/api-snapshot
-Subproject 652f5200b1ea92673fe48e10e55eeab80180d14
+Subproject 83f9f4eca4e6976d4148fe9b77e08df19cf4657
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs b/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
index 9b55f6cc91a..a40f5e64339 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
@@ -96,14 +96,6 @@ namespace Mono.Security.Interface
 		ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509CertificateCollection certificates);
 	}
 
-	internal interface ICertificateValidator2 : ICertificateValidator
-	{
-		/*
-		 * Internal use only.
-		 */
-		ValidationResult ValidateCertificate (string targetHost, bool serverMode, X509Certificate leaf, X509Chain chain);
-	}
-
 	public static class CertificateValidationHelper
 	{
 		const string SecurityLibrary = "/System/Library/Frameworks/Security.framework/Security";
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
index fd8b7da41bb..84989904faa 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs
@@ -42,59 +42,11 @@ namespace Mono.Security.Interface
 			get;
 		}
 
-		void AuthenticateAsClient (string targetHost);
-
-		void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
-
-		void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
-
-		IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState);
-
-		IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
-
-		IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
-
-		void EndAuthenticateAsClient (IAsyncResult asyncResult);
-
-		void AuthenticateAsServer (X509Certificate serverCertificate);
-
-		void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
-
-		void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
-
-		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState);
-
-		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
-
-		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
-
-		void EndAuthenticateAsServer (IAsyncResult asyncResult);
-
-		Task AuthenticateAsClientAsync (string targetHost);
-
-		Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
-
 		Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
-		Task AuthenticateAsServerAsync (X509Certificate serverCertificate);
-
-		Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
-
 		Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
-		int Read (byte[] buffer, int offset, int count);
-
-		void Write (byte[] buffer);
-
-		void Write (byte[] buffer, int offset, int count);
-
-		IAsyncResult BeginRead (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState);
-
-		int EndRead (IAsyncResult asyncResult);
-
-		IAsyncResult BeginWrite (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState);
-
-		void EndWrite (IAsyncResult asyncResult);
+		Task<int> ReadAsync (byte[] buffer, int offset, int count, CancellationToken cancellationToken);
 
 		Task WriteAsync (byte[] buffer, int offset, int count, CancellationToken cancellationToken);
 
@@ -215,12 +167,5 @@ namespace Mono.Security.Interface
 
 		Task RenegotiateAsync (CancellationToken cancellationToken);
 	}
-
-	interface IMonoSslStream2 : IMonoSslStream
-	{
-		Task AuthenticateAsClientAsync (IMonoSslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken);
-
-		Task AuthenticateAsServerAsync (IMonoSslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken);
-	}
 }
 
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs b/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs
index 2f040e0f613..f61ccbacbbd 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs
@@ -121,10 +121,6 @@ namespace Mono.Security.Interface
 			Stream innerStream, bool leaveInnerStreamOpen,
 			MonoTlsSettings settings = null);
 
-		internal abstract IMonoSslStream CreateSslStreamInternal (
-			SslStream sslStream, Stream innerStream, bool leaveInnerStreamOpen,
-			MonoTlsSettings settings);
-
 #endregion
 
 #region Native Certificate Implementation
@@ -133,34 +129,6 @@ namespace Mono.Security.Interface
 			get { return false; }
 		}
 
-		internal virtual X509Certificate2Impl GetNativeCertificate (
-			byte[] data, string password, X509KeyStorageFlags flags)
-		{
-			throw new InvalidOperationException ();
-		}
-
-		internal virtual X509Certificate2Impl GetNativeCertificate (
-			X509Certificate certificate)
-		{
-			throw new InvalidOperationException ();
-		}
-
-#endregion
-
-#region Certificate Validation
-		/*
-		 * If @serverMode is true, then we're a server and want to validate a certificate
-		 * that we received from a client.
-		 *
-		 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
-		 *
-		 * Returns `true` if certificate validation has been performed and `false` to invoke the
-		 * default system validator.
-		 */
-		internal abstract bool ValidateCertificate (
-			ICertificateValidator2 validator, string targetHost, bool serverMode,
-			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
-			ref MonoSslPolicyErrors errors, ref int status11);
 #endregion
 
 #region Misc
diff --git a/mcs/class/System/Mono.AppleTls/AppleCertificateHelper.cs b/mcs/class/System/Mono.AppleTls/AppleCertificateHelper.cs
index 18212bb54db..8608ff4e255 100644
--- a/mcs/class/System/Mono.AppleTls/AppleCertificateHelper.cs
+++ b/mcs/class/System/Mono.AppleTls/AppleCertificateHelper.cs
@@ -14,9 +14,11 @@ extern alias MonoSecurity;
 using System;
 using System.Collections;
 using System.Reflection;
+using System.Net.Security;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography.X509Certificates;
 
+using MNS = Mono.Net.Security;
 #if MONO_SECURITY_ALIAS
 using MonoSecurity::Mono.Security.Interface;
 #else
@@ -116,12 +118,12 @@ namespace Mono.AppleTls
 		}
 
 		public static bool InvokeSystemCertificateValidator (
-			ICertificateValidator2 validator, string targetHost, bool serverMode,
+			MNS.ChainValidationHelper validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates,
-			ref MonoSslPolicyErrors errors, ref int status11)
+			ref SslPolicyErrors errors, ref int status11)
 		{
 			if (certificates == null) {
-				errors |= MonoSslPolicyErrors.RemoteCertificateNotAvailable;
+				errors |= SslPolicyErrors.RemoteCertificateNotAvailable;
 				return false;
 			}
 
@@ -150,7 +152,7 @@ namespace Mono.AppleTls
 				if (result == SecTrustResult.Unspecified || result == SecTrustResult.Proceed)
 					return true;
 
-				errors |= MonoSslPolicyErrors.RemoteCertificateChainErrors;
+				errors |= SslPolicyErrors.RemoteCertificateChainErrors;
 				return false;
 			}
 		}
diff --git a/mcs/class/System/Mono.AppleTls/AppleTlsProvider.cs b/mcs/class/System/Mono.AppleTls/AppleTlsProvider.cs
index 3ec4ded73b9..0e7bc342a25 100644
--- a/mcs/class/System/Mono.AppleTls/AppleTlsProvider.cs
+++ b/mcs/class/System/Mono.AppleTls/AppleTlsProvider.cs
@@ -28,7 +28,7 @@ using Mono.Security.Interface;
 
 namespace Mono.AppleTls
 {
-	class AppleTlsProvider : MonoTlsProvider
+	class AppleTlsProvider : MNS.MobileTlsProvider
 	{
 		public override string Name {
 			get { return "apple-tls"; }
@@ -38,14 +38,7 @@ namespace Mono.AppleTls
 			get { return MNS.MonoTlsProviderFactory.AppleTlsId; }
 		}
 
-		public override IMonoSslStream CreateSslStream (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MonoTlsSettings settings = null)
-		{
-			return SslStream.CreateMonoSslStream (innerStream, leaveInnerStreamOpen, this, settings);
-		}
-
-		internal override IMonoSslStream CreateSslStreamInternal (
+		internal override MNS.MobileAuthenticatedStream CreateSslStream (
 			SslStream sslStream, Stream innerStream, bool leaveInnerStreamOpen,
 			MonoTlsSettings settings)
 		{
@@ -73,9 +66,9 @@ namespace Mono.AppleTls
 		}
 
 		internal override bool ValidateCertificate (
-			ICertificateValidator2 validator, string targetHost, bool serverMode,
+			MNS.ChainValidationHelper validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
-			ref MonoSslPolicyErrors errors, ref int status11)
+			ref SslPolicyErrors errors, ref int status11)
 		{
 			if (wantsChain)
 				chain = MNS.SystemCertificateValidator.CreateX509Chain (certificates);
diff --git a/mcs/class/System/Mono.AppleTls/AppleTlsStream.cs b/mcs/class/System/Mono.AppleTls/AppleTlsStream.cs
index 03c47f26ddd..be5206d4368 100644
--- a/mcs/class/System/Mono.AppleTls/AppleTlsStream.cs
+++ b/mcs/class/System/Mono.AppleTls/AppleTlsStream.cs
@@ -31,7 +31,7 @@ namespace Mono.AppleTls
 	class AppleTlsStream : MNS.MobileAuthenticatedStream
 	{
 		public AppleTlsStream (Stream innerStream, bool leaveInnerStreamOpen, SslStream owner,
-		                       MonoTlsSettings settings, MonoTlsProvider provider)
+		                       MonoTlsSettings settings, MNS.MobileTlsProvider provider)
 			: base (innerStream, leaveInnerStreamOpen, owner, settings, provider)
 		{
 		}
diff --git a/mcs/class/System/Mono.Btls/MonoBtlsProvider.cs b/mcs/class/System/Mono.Btls/MonoBtlsProvider.cs
index 6654fa731c6..97c50aacab9 100644
--- a/mcs/class/System/Mono.Btls/MonoBtlsProvider.cs
+++ b/mcs/class/System/Mono.Btls/MonoBtlsProvider.cs
@@ -50,7 +50,7 @@ using MNS = Mono.Net.Security;
 
 namespace Mono.Btls
 {
-	class MonoBtlsProvider : MonoTlsProvider
+	class MonoBtlsProvider : MNS.MobileTlsProvider
 	{
 		public override Guid ID {
 			get { return MNS.MonoTlsProviderFactory.BtlsId; }
@@ -85,14 +85,7 @@ namespace Mono.Btls
 			get { return SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; }
 		}
 
-		public override IMonoSslStream CreateSslStream (
-			Stream innerStream, bool leaveInnerStreamOpen,
-			MonoTlsSettings settings = null)
-		{
-			return SslStream.CreateMonoSslStream (innerStream, leaveInnerStreamOpen, this, settings);
-		}
-
-		internal override IMonoSslStream CreateSslStreamInternal (
+		internal override MNS.MobileAuthenticatedStream CreateSslStream (
 			SslStream sslStream, Stream innerStream, bool leaveInnerStreamOpen,
 			MonoTlsSettings settings)
 		{
@@ -104,14 +97,14 @@ namespace Mono.Btls
 			get { return true; }
 		}
 
-		internal override X509Certificate2Impl GetNativeCertificate (
+		internal X509Certificate2Impl GetNativeCertificate (
 			byte[] data, string password, X509KeyStorageFlags flags)
 		{
 			using (var handle = new SafePasswordHandle (password))
 				return GetNativeCertificate (data, handle, flags);
 		}
 
-		internal override X509Certificate2Impl GetNativeCertificate (
+		internal X509Certificate2Impl GetNativeCertificate (
 			X509Certificate certificate)
 		{
 			var impl = certificate.Impl as X509CertificateImplBtls;
@@ -152,9 +145,9 @@ namespace Mono.Btls
 		}
 
 		internal override bool ValidateCertificate (
-			ICertificateValidator2 validator, string targetHost, bool serverMode,
+			MNS.ChainValidationHelper validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
-			ref MonoSslPolicyErrors errors, ref int status11)
+			ref SslPolicyErrors errors, ref int status11)
 		{
 			if (chain != null) {
 				var chainImpl = (X509ChainImplBtls)chain.Impl;
@@ -215,15 +208,15 @@ namespace Mono.Btls
 		}
 
 		void CheckValidationResult (
-			ICertificateValidator validator, string targetHost, bool serverMode,
+			MNS.ChainValidationHelper validator, string targetHost, bool serverMode,
 			X509CertificateCollection certificates, bool wantsChain,
 			X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
-			bool success, ref MonoSslPolicyErrors errors, ref int status11)
+			bool success, ref SslPolicyErrors errors, ref int status11)
 		{
 			status11 = unchecked((int)0);
 			if (success)
 				return;
-			errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
+			errors = SslPolicyErrors.RemoteCertificateChainErrors;
 			if (!wantsChain || storeCtx == null || chain == null) {
 				status11 = unchecked((int)0x800B010B);
 				return;
@@ -231,12 +224,12 @@ namespace Mono.Btls
 			var error = storeCtx.GetError ();
 			switch (error) {
 			case Mono.Btls.MonoBtlsX509Error.OK:
-				errors = MonoSslPolicyErrors.None;
+				errors = SslPolicyErrors.None;
 				break;
 			case Mono.Btls.MonoBtlsX509Error.CRL_NOT_YET_VALID:
 				break;
 			case MonoBtlsX509Error.HOSTNAME_MISMATCH:
-				errors = MonoSslPolicyErrors.RemoteCertificateNameMismatch;
+				errors = SslPolicyErrors.RemoteCertificateNameMismatch;
 				chain.Impl.AddStatus (X509ChainStatusFlags.UntrustedRoot);
 				status11 = unchecked ((int)0x800B010B);
 				break;
diff --git a/mcs/class/System/Mono.Btls/MonoBtlsStream.cs b/mcs/class/System/Mono.Btls/MonoBtlsStream.cs
index 63a4eaf9b8d..6e44e194ff2 100644
--- a/mcs/class/System/Mono.Btls/MonoBtlsStream.cs
+++ b/mcs/class/System/Mono.Btls/MonoBtlsStream.cs
@@ -47,7 +47,7 @@ namespace Mono.Btls
 	class MonoBtlsStream : MNS.MobileAuthenticatedStream
 	{
 		public MonoBtlsStream (Stream innerStream, bool leaveInnerStreamOpen, SslStream owner,
-		                       MonoTlsSettings settings, MonoTlsProvider provider)
+		                       MonoTlsSettings settings, MNS.MobileTlsProvider provider)
 			: base (innerStream, leaveInnerStreamOpen, owner, settings, provider)
 		{
 		}
diff --git a/mcs/class/System/Mono.Btls/X509PalImpl.Btls.cs b/mcs/class/System/Mono.Btls/X509PalImpl.Btls.cs
index 5b8a360f175..e051b7672bd 100644
--- a/mcs/class/System/Mono.Btls/X509PalImpl.Btls.cs
+++ b/mcs/class/System/Mono.Btls/X509PalImpl.Btls.cs
@@ -56,7 +56,7 @@ namespace Mono.Btls
 
 		public override X509CertificateImpl Import (byte[] data)
 		{
-			return Provider.GetNativeCertificate (data, null, X509KeyStorageFlags.DefaultKeySet);
+			return Provider.GetNativeCertificate (data, (string)null, X509KeyStorageFlags.DefaultKeySet);
 		}
 
 		public override X509Certificate2Impl Import (
diff --git a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
index 8d0146b7ceb..8aac9bd099c 100644
--- a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
+++ b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
@@ -64,11 +64,11 @@ namespace Mono.Net.Security
 {
 	internal delegate bool ServerCertValidationCallbackWrapper (ServerCertValidationCallback callback, X509Certificate certificate, X509Chain chain, MonoSslPolicyErrors sslPolicyErrors);
 
-	internal class ChainValidationHelper : ICertificateValidator2
+	internal class ChainValidationHelper : ICertificateValidator
 	{
 		readonly WeakReference<SslStream> owner;
 		readonly MonoTlsSettings settings;
-		readonly MonoTlsProvider provider;
+		readonly MobileTlsProvider provider;
 		readonly ServerCertValidationCallback certValidationCallback;
 		readonly LocalCertSelectionCallback certSelectionCallback;
 		readonly MonoTlsStream tlsStream;
@@ -76,18 +76,18 @@ namespace Mono.Net.Security
 
 #pragma warning disable 618
 
-		internal static ICertificateValidator GetInternalValidator (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings)
+		internal static ChainValidationHelper GetInternalValidator (SslStream owner, MobileTlsProvider provider, MonoTlsSettings settings)
 		{
 			if (settings == null)
 				return new ChainValidationHelper (owner, provider, null, false, null);
 			if (settings.CertificateValidator != null)
-				return settings.CertificateValidator;
+				return (ChainValidationHelper)settings.CertificateValidator;
 			return new ChainValidationHelper (owner, provider, settings, false, null);
 		}
 
 		internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
 		{
-			var provider = MonoTlsProviderFactory.GetProvider ();
+			var provider = MonoTlsProviderFactory.GetProviderInternal ();
 			if (settings == null)
 				return new ChainValidationHelper (null, provider, null, false, null);
 			if (settings.CertificateValidator != null)
@@ -95,21 +95,21 @@ namespace Mono.Net.Security
 			return new ChainValidationHelper (null, provider, settings, false, null);
 		}
 
-		internal static ChainValidationHelper Create (MonoTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
+		internal static ChainValidationHelper Create (MobileTlsProvider provider, ref MonoTlsSettings settings, MonoTlsStream stream)
 		{
 			var helper = new ChainValidationHelper (null, provider, settings, true, stream);
 			settings = helper.settings;
 			return helper;
 		}
 
-		ChainValidationHelper (SslStream owner, MonoTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream)
+		ChainValidationHelper (SslStream owner, MobileTlsProvider provider, MonoTlsSettings settings, bool cloneSettings, MonoTlsStream stream)
 		{
 			if (settings == null)
 				settings = MonoTlsSettings.CopyDefaultSettings ();
 			if (cloneSettings)
 				settings = settings.CloneWithValidator (this);
 			if (provider == null)
-				provider = MonoTlsProviderFactory.GetProvider ();
+				provider = MonoTlsProviderFactory.GetProviderInternal ();
 
 			this.provider = provider;
 			this.settings = settings;
@@ -152,7 +152,7 @@ namespace Mono.Net.Security
 			return new ServerCertValidationCallback ((s, c, ch, e) => {
 				string targetHost = null;
 				if (s is SslStream sslStream)
-					targetHost = ((MobileAuthenticatedStream)sslStream.Impl).TargetHost;
+					targetHost = sslStream.InternalTargetHost;
 				else if (s is HttpWebRequest request) {
 					targetHost = request.Host;
 					if (!string.IsNullOrEmpty (targetHost)) {
@@ -309,9 +309,7 @@ namespace Mono.Net.Security
 					wantsChain = true;
 			}
 
-			var xerrors = (MonoSslPolicyErrors)errors;
-			result = provider.ValidateCertificate (this, host, server, certs, wantsChain, ref chain, ref xerrors, ref status11);
-			errors = (SslPolicyErrors)xerrors;
+			result = provider.ValidateCertificate (this, host, server, certs, wantsChain, ref chain, ref errors, ref status11);
 
 			if (status11 == 0 && errors != 0) {
 				// TRUST_E_FAIL
diff --git a/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs b/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs
index f603a3c23e7..7e743dc3cca 100644
--- a/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs
+++ b/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs
@@ -35,7 +35,7 @@ using SslProtocols = System.Security.Authentication.SslProtocols;
 
 namespace Mono.Net.Security
 {
-	abstract class MobileAuthenticatedStream : AuthenticatedStream, MSI.IMonoSslStream2
+	abstract class MobileAuthenticatedStream : AuthenticatedStream, MSI.IMonoSslStream
 	{
 		/*
 		 * This is intentionally called `xobileTlsContext'.  It is a "dangerous" object
@@ -70,7 +70,7 @@ namespace Mono.Net.Security
 		}
 
 		public MobileAuthenticatedStream (Stream innerStream, bool leaveInnerStreamOpen, SslStream owner,
-						  MSI.MonoTlsSettings settings, MSI.MonoTlsProvider provider)
+						  MSI.MonoTlsSettings settings, MobileTlsProvider provider)
 			: base (innerStream, leaveInnerStreamOpen)
 		{
 			SslStream = owner;
@@ -90,10 +90,12 @@ namespace Mono.Net.Security
 			get;
 		}
 
-		public MSI.MonoTlsProvider Provider {
+		public MobileTlsProvider Provider {
 			get;
 		}
 
+		MSI.MonoTlsProvider MSI.IMonoSslStream.Provider => Provider;
+
 		internal bool HasContext {
 			get { return xobileTlsContext != null; }
 		}
@@ -159,16 +161,6 @@ namespace Mono.Net.Security
 			Shutdown
 		}
 
-		public void AuthenticateAsClient (string targetHost)
-		{
-			AuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false);
-		}
-
-		public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
-		{
-			AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, false);
-		}
-
 		public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var options = new MonoSslClientAuthenticationOptions {
@@ -187,45 +179,6 @@ namespace Mono.Net.Security
 			}
 		}
 
-		public IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState)
-		{
-			return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
-		}
-
-		public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
-		{
-			return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
-		}
-
-		public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
-		{
-			var options = new MonoSslClientAuthenticationOptions {
-				TargetHost = targetHost,
-				ClientCertificates = clientCertificates,
-				EnabledSslProtocols = enabledSslProtocols,
-				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
-				EncryptionPolicy = EncryptionPolicy.RequireEncryption
-			};
-
-			var task = ProcessAuthentication (false, options, CancellationToken.None);
-			return TaskToApm.Begin (task, asyncCallback, asyncState);
-		}
-
-		public void EndAuthenticateAsClient (IAsyncResult asyncResult)
-		{
-			TaskToApm.End (asyncResult);
-		}
-
-		public void AuthenticateAsServer (X509Certificate serverCertificate)
-		{
-			AuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
-		}
-
-		public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
-		{
-			AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
-		}
-
 		public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var options = new MonoSslServerAuthenticationOptions {
@@ -244,45 +197,6 @@ namespace Mono.Net.Security
 			}
 		}
 
-		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
-		{
-			return BeginAuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
-		}
-
-		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
-		{
-			return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
-		}
-
-		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
-		{
-			var options = new MonoSslServerAuthenticationOptions {
-				ServerCertificate = serverCertificate,
-				ClientCertificateRequired = clientCertificateRequired,
-				EnabledSslProtocols = enabledSslProtocols,
-				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
-				EncryptionPolicy = EncryptionPolicy.RequireEncryption
-			};
-
-			var task = ProcessAuthentication (false, options, CancellationToken.None);
-			return TaskToApm.Begin (task, asyncCallback, asyncState);
-		}
-
-		public void EndAuthenticateAsServer (IAsyncResult asyncResult)
-		{
-			TaskToApm.End (asyncResult);
-		}
-
-		public Task AuthenticateAsClientAsync (string targetHost)
-		{
-			return AuthenticateAsClientAsync (targetHost, null, SecurityProtocol.SystemDefaultSecurityProtocols, false);
-		}
-
-		public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
-		{
-			return AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
-		}
-
 		public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var options = new MonoSslClientAuthenticationOptions {
@@ -301,16 +215,6 @@ namespace Mono.Net.Security
 			return ProcessAuthentication (false, (MonoSslClientAuthenticationOptions)sslClientAuthenticationOptions, cancellationToken);
 		}
 
-		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate)
-		{
-			return AuthenticateAsServerAsync (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
-		}
-
-		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
-		{
-			return AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
-		}
-
 		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var options = new MonoSslServerAuthenticationOptions {
@@ -408,30 +312,6 @@ namespace Mono.Net.Security
 
 		protected abstract MobileTlsContext CreateContext (MonoSslAuthenticationOptions options);
 
-		public override IAsyncResult BeginRead (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
-		{
-			var asyncRequest = new AsyncReadRequest (this, false, buffer, offset, count);
-			var task = StartOperation (OperationType.Read, asyncRequest, CancellationToken.None);
-			return TaskToApm.Begin (task, asyncCallback, asyncState);
-		}
-
-		public override int EndRead (IAsyncResult asyncResult)
-		{
-			return TaskToApm.End<int> (asyncResult);
-		}
-
-		public override IAsyncResult BeginWrite (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
-		{
-			var asyncRequest = new AsyncWriteRequest (this, false, buffer, offset, count);
-			var task = StartOperation (OperationType.Write, asyncRequest, CancellationToken.None);
-			return TaskToApm.Begin (task, asyncCallback, asyncState);
-		}
-
-		public override void EndWrite (IAsyncResult asyncResult)
-		{
-			TaskToApm.End (asyncResult);
-		}
-
 		public override int Read (byte[] buffer, int offset, int count)
 		{
 			var asyncRequest = new AsyncReadRequest (this, true, buffer, offset, count);
@@ -439,11 +319,6 @@ namespace Mono.Net.Security
 			return task.Result;
 		}
 
-		public void Write (byte[] buffer)
-		{
-			Write (buffer, 0, buffer.Length);
-		}
-
 		public override void Write (byte[] buffer, int offset, int count)
 		{
 			var asyncRequest = new AsyncWriteRequest (this, true, buffer, offset, count);
diff --git a/mcs/class/System/Mono.Net.Security/MobileTlsContext.cs b/mcs/class/System/Mono.Net.Security/MobileTlsContext.cs
index deeda5405a6..7994f98c728 100644
--- a/mcs/class/System/Mono.Net.Security/MobileTlsContext.cs
+++ b/mcs/class/System/Mono.Net.Security/MobileTlsContext.cs
@@ -32,7 +32,7 @@ namespace Mono.Net.Security
 {
 	abstract class MobileTlsContext : IDisposable
 	{
-		ICertificateValidator2 certificateValidator;
+		ChainValidationHelper certificateValidator;
 
 		protected MobileTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
 		{
@@ -55,7 +55,7 @@ namespace Mono.Net.Security
 				}
 			}
 
-			certificateValidator = (ICertificateValidator2)ChainValidationHelper.GetInternalValidator (
+			certificateValidator = ChainValidationHelper.GetInternalValidator (
 				parent.SslStream, parent.Provider, parent.Settings);
 		}
 
diff --git a/mcs/class/System/Mono.Net.Security/MobileTlsProvider.cs b/mcs/class/System/Mono.Net.Security/MobileTlsProvider.cs
new file mode 100644
index 00000000000..8969a96bfcb
--- /dev/null
+++ b/mcs/class/System/Mono.Net.Security/MobileTlsProvider.cs
@@ -0,0 +1,48 @@
+#if SECURITY_DEP
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+
+using System;
+using System.IO;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Mono.Net.Security
+{
+	abstract class MobileTlsProvider : MonoTlsProvider
+	{
+		public sealed override IMonoSslStream CreateSslStream (
+			Stream innerStream, bool leaveInnerStreamOpen,
+			MonoTlsSettings settings = null)
+		{
+			return SslStream.CreateMonoSslStream (innerStream, leaveInnerStreamOpen, this, settings);
+		}
+
+		internal abstract MobileAuthenticatedStream CreateSslStream (
+			SslStream sslStream, Stream innerStream, bool leaveInnerStreamOpen,
+			MonoTlsSettings settings);
+
+		/*
+		 * If @serverMode is true, then we're a server and want to validate a certificate
+		 * that we received from a client.
+		 *
+		 * On OS X and Mobile, the @chain will be initialized with the @certificates, but not actually built.
+		 *
+		 * Returns `true` if certificate validation has been performed and `false` to invoke the
+		 * default system validator.
+		 */
+		internal abstract bool ValidateCertificate (
+			ChainValidationHelper validator, string targetHost, bool serverMode,
+			X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
+			ref SslPolicyErrors errors, ref int status11);
+	}
+}
+
+#endif
diff --git a/mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs b/mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs
index dd4a009a653..21c3737c4e2 100644
--- a/mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs
+++ b/mcs/class/System/Mono.Net.Security/MonoTlsProviderFactory.cs
@@ -70,7 +70,7 @@ namespace Mono.Net.Security
 		 * 
 		 */
 
-		internal static MSI.MonoTlsProvider GetProviderInternal ()
+		internal static MobileTlsProvider GetProviderInternal ()
 		{
 			lock (locker) {
 				InitializeInternal ();
@@ -88,7 +88,7 @@ namespace Mono.Net.Security
 
 				InitializeProviderRegistration ();
 
-				MSI.MonoTlsProvider provider;
+				MobileTlsProvider provider;
 				try {
 					provider = CreateDefaultProviderImpl ();
 				} catch (Exception ex) {
@@ -123,18 +123,18 @@ namespace Mono.Net.Security
 		static object locker = new object ();
 		static bool initialized;
 
-		static MSI.MonoTlsProvider defaultProvider;
+		static MobileTlsProvider defaultProvider;
 
 		/*
 		 * @providerRegistration maps provider names to a tuple containing its ID and full type name.
 		 * On non-reflection enabled systems (such as XI and XM), we can use the Guid to uniquely
 		 * identify the provider.
 		 *
-		 * @providerCache maps the provider's Guid to the MSI.MonoTlsProvider instance.
+		 * @providerCache maps the provider's Guid to the MobileTlsProvider instance.
 		 *
 		 */
 		static Dictionary<string,Tuple<Guid,string>> providerRegistration;
-		static Dictionary<Guid,MSI.MonoTlsProvider> providerCache;
+		static Dictionary<Guid,MobileTlsProvider> providerCache;
 
 #if !ONLY_APPLETLS && !MONOTOUCH && !XAMMAC
 		static Type LookupProviderType (string name, bool throwOnError)
@@ -155,7 +155,7 @@ namespace Mono.Net.Security
 		}
 #endif
 
-		static MSI.MonoTlsProvider LookupProvider (string name, bool throwOnError)
+		static MobileTlsProvider LookupProvider (string name, bool throwOnError)
 		{
 			lock (locker) {
 				InitializeProviderRegistration ();
@@ -167,7 +167,7 @@ namespace Mono.Net.Security
 				}
 
 				// Check cache before doing the reflection lookup.
-				MSI.MonoTlsProvider provider;
+				MobileTlsProvider provider;
 				if (providerCache.TryGetValue (entry.Item1, out provider))
 					return provider;
 
@@ -177,7 +177,7 @@ namespace Mono.Net.Security
 					throw new NotSupportedException (string.Format ("Could not find TLS Provider: `{0}'.", entry.Item2));
 
 				try {
-					provider = (MSI.MonoTlsProvider)Activator.CreateInstance (type, true);
+					provider = (MobileTlsProvider)Activator.CreateInstance (type, true);
 				} catch (Exception ex) {
 					throw new NotSupportedException (string.Format ("Unable to instantiate TLS Provider `{0}'.", type), ex);
 				}
@@ -224,7 +224,7 @@ namespace Mono.Net.Security
 				InitializeDebug ();
 
 				providerRegistration = new Dictionary<string,Tuple<Guid,string>> ();
-				providerCache = new Dictionary<Guid,MSI.MonoTlsProvider> ();
+				providerCache = new Dictionary<Guid,MobileTlsProvider> ();
 
 				PopulateProviders ();
 			}
@@ -283,7 +283,7 @@ namespace Mono.Net.Security
 		internal extern static bool IsBtlsSupported ();
 #endif
 
-		static MSI.MonoTlsProvider CreateDefaultProviderImpl ()
+		static MobileTlsProvider CreateDefaultProviderImpl ()
 		{
 #if MONODROID
 			var type = Environment.GetEnvironmentVariable ("XA_TLS_PROVIDER");
@@ -342,13 +342,9 @@ namespace Mono.Net.Security
 		 * Mono.Security.dll provides a public wrapper around these.
 		 */
 
-		internal static MSI.MonoTlsProvider GetProvider ()
+		internal static MobileTlsProvider GetProvider ()
 		{
-			var provider = GetProviderInternal ();
-			if (provider == null)
-				throw new NotSupportedException ("No TLS Provider available.");
-
-			return provider;
+			return GetProviderInternal ();
 		}
 
 		internal static bool IsProviderSupported (string name)
@@ -359,7 +355,7 @@ namespace Mono.Net.Security
 			}
 		}
 
-		internal static MSI.MonoTlsProvider GetProvider (string name)
+		internal static MobileTlsProvider GetProvider (string name)
 		{
 			return LookupProvider (name, false);
 		}
diff --git a/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs b/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
index 66e857644da..4573b9c380f 100644
--- a/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
+++ b/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
@@ -53,7 +53,7 @@ namespace Mono.Net.Security
 	class MonoTlsStream : IDisposable
 	{
 #if SECURITY_DEP
-		readonly MonoTlsProvider provider;
+		readonly MobileTlsProvider provider;
 		readonly NetworkStream networkStream;		
 		readonly HttpWebRequest request;
 
@@ -63,9 +63,9 @@ namespace Mono.Net.Security
 			get { return request; }
 		}
 
-		IMonoSslStream sslStream;
+		SslStream sslStream;
 
-		internal IMonoSslStream SslStream {
+		internal SslStream SslStream {
 			get { return sslStream; }
 		}
 #else
@@ -104,7 +104,7 @@ namespace Mono.Net.Security
 #if SECURITY_DEP
 			var socket = networkStream.InternalSocket;
 			WebConnection.Debug ($"MONO TLS STREAM CREATE STREAM: {socket.ID}");
-			sslStream = provider.CreateSslStream (networkStream, false, settings);
+			sslStream = new SslStream (networkStream, false, provider, settings);
 
 			try {
 				var host = request.Host;
@@ -121,7 +121,7 @@ namespace Mono.Net.Security
 
 				status = WebExceptionStatus.Success;
 
-				request.ServicePoint.UpdateClientCertificate (sslStream.InternalLocalCertificate);
+				request.ServicePoint.UpdateClientCertificate (sslStream.LocalCertificate);
 			} catch (Exception ex) {
 				WebConnection.Debug ($"MONO TLS STREAM ERROR: {socket.ID} {socket.CleanedUp} {ex.Message}");
 				if (socket.CleanedUp)
@@ -147,7 +147,7 @@ namespace Mono.Net.Security
 				throw;
 			}
 
-			return sslStream.AuthenticatedStream;
+			return sslStream;
 #else
 			throw new PlatformNotSupportedException (EXCEPTION_MESSAGE);
 #endif
diff --git a/mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs b/mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs
index 7a440a46202..e5ef4981966 100644
--- a/mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs
+++ b/mcs/class/System/Mono.Net.Security/NoReflectionHelper.cs
@@ -96,7 +96,7 @@ namespace Mono.Net.Security
 		internal static HttpWebRequest CreateHttpsRequest (Uri requestUri, object provider, object settings)
 		{
 			#if SECURITY_DEP
-			return new HttpWebRequest (requestUri, (MSI.MonoTlsProvider)provider, (MSI.MonoTlsSettings)settings);
+			return new HttpWebRequest (requestUri, (MobileTlsProvider)provider, (MSI.MonoTlsSettings)settings);
 			#else
 			throw new NotSupportedException ();
 			#endif
diff --git a/mcs/class/System/System.Net.Mail/SmtpClient.cs b/mcs/class/System/System.Net.Mail/SmtpClient.cs
index 19197681a7e..50937672a83 100644
--- a/mcs/class/System/System.Net.Mail/SmtpClient.cs
+++ b/mcs/class/System/System.Net.Mail/SmtpClient.cs
@@ -1167,10 +1167,10 @@ try {
 			var tlsProvider = MonoTlsProviderFactory.GetProviderInternal ();
 			var settings = MSI.MonoTlsSettings.CopyDefaultSettings ();
 			settings.UseServicePointManagerCallback = true;
-			var sslStream = tlsProvider.CreateSslStream (stream, false, settings);
+			var sslStream = new SslStream (stream, false, tlsProvider, settings);
 			CheckCancellation ();
 			sslStream.AuthenticateAsClient (Host, this.ClientCertificates, SslProtocols.Default, false);
-			stream = sslStream.AuthenticatedStream;
+			stream = sslStream;
 
 #else
 			throw new SystemException ("You are using an incomplete System.dll build");
diff --git a/mcs/class/System/System.Net.Security/SslStream.cs b/mcs/class/System/System.Net.Security/SslStream.cs
index 79b755b168d..eb3110bc024 100644
--- a/mcs/class/System/System.Net.Security/SslStream.cs
+++ b/mcs/class/System/System.Net.Security/SslStream.cs
@@ -79,22 +79,20 @@ namespace System.Net.Security
 	public class SslStream : AuthenticatedStream
 	{
 #if SECURITY_DEP
-		MonoTlsProvider provider;
+		MNS.MobileTlsProvider provider;
 		MonoTlsSettings settings;
 		RemoteCertificateValidationCallback validationCallback;
 		LocalCertificateSelectionCallback selectionCallback;
+		MNS.MobileAuthenticatedStream impl;
 		bool explicitSettings;
-		IMonoSslStream impl;
 
-		internal IMonoSslStream Impl {
+		internal MNS.MobileAuthenticatedStream Impl {
 			get {
 				CheckDisposed ();
 				return impl;
 			}
 		}
 
-		IMonoSslStream2 Impl2 => (IMonoSslStream2)Impl;
-
 		internal MonoTlsProvider Provider {
 			get {
 				CheckDisposed ();
@@ -102,9 +100,16 @@ namespace System.Net.Security
 			}
 		}
 
-		static MonoTlsProvider GetProvider ()
+		internal string InternalTargetHost {
+			get {
+				CheckDisposed ();
+				return impl.TargetHost;
+			}
+		}
+
+		static MNS.MobileTlsProvider GetProvider ()
 		{
-			return MonoTlsProviderFactory.GetProvider ();
+			return (MNS.MobileTlsProvider)MonoTlsProviderFactory.GetProvider ();
 		}
 
 		public SslStream (Stream innerStream)
@@ -117,7 +122,7 @@ namespace System.Net.Security
 		{
 			provider = GetProvider ();
 			settings = MonoTlsSettings.CopyDefaultSettings ();
-			impl = provider.CreateSslStreamInternal (this, innerStream, leaveInnerStreamOpen, settings);
+			impl = provider.CreateSslStream (this, innerStream, leaveInnerStreamOpen, settings);
 		}
 
 		public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback)
@@ -132,7 +137,7 @@ namespace System.Net.Security
 			settings = MonoTlsSettings.CopyDefaultSettings ();
 			SetAndVerifyValidationCallback (userCertificateValidationCallback);
 			SetAndVerifySelectionCallback (userCertificateSelectionCallback);
-			impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen, settings);
+			impl = provider.CreateSslStream (this, innerStream, leaveInnerStreamOpen, settings);
 		}
 
 		[MonoLimitation ("encryptionPolicy is ignored")]
@@ -144,13 +149,13 @@ namespace System.Net.Security
 		internal SslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
 			: base (innerStream, leaveInnerStreamOpen)
 		{
-			this.provider = provider;
+			this.provider = (MNS.MobileTlsProvider)provider;
 			this.settings = settings.Clone ();
 			explicitSettings = true;
-			impl = provider.CreateSslStreamInternal (this, innerStream, leaveInnerStreamOpen, settings);
+			impl = this.provider.CreateSslStream (this, innerStream, leaveInnerStreamOpen, settings);
 		}
 
-		internal static IMonoSslStream CreateMonoSslStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsProvider provider, MonoTlsSettings settings)
+		internal static IMonoSslStream CreateMonoSslStream (Stream innerStream, bool leaveInnerStreamOpen, MNS.MobileTlsProvider provider, MonoTlsSettings settings)
 		{
 			var sslStream = new SslStream (innerStream, leaveInnerStreamOpen, provider, settings);
 			return sslStream.Impl;
@@ -198,12 +203,12 @@ namespace System.Net.Security
 
 		public virtual void AuthenticateAsClient (string targetHost)
 		{
-			Impl.AuthenticateAsClient (targetHost);
+			AuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false);
 		}
 
 		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
 		{
-			Impl.AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+			AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
 		}
 
 		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
@@ -213,27 +218,28 @@ namespace System.Net.Security
 
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsClient (targetHost, asyncCallback, asyncState);
+			return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
 		}
 
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+			return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
 		}
 
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+			var task = Impl.AuthenticateAsClientAsync (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
+			return TaskToApm.Begin (task, asyncCallback, asyncState);
 		}
 
 		public virtual void EndAuthenticateAsClient (IAsyncResult asyncResult)
 		{
-			Impl.EndAuthenticateAsClient (asyncResult);
+			TaskToApm.End (asyncResult);
 		}
 
 		public virtual void AuthenticateAsServer (X509Certificate serverCertificate)
 		{
-			Impl.AuthenticateAsServer (serverCertificate);
+			Impl.AuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
 		}
 
 		public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
@@ -248,29 +254,30 @@ namespace System.Net.Security
 
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsServer (serverCertificate, asyncCallback, asyncState);
+			return BeginAuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
 		}
 
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+			return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
 		}
 
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			return Impl.BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+			var task = Impl.AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation);
+			return TaskToApm.Begin (task, asyncCallback, asyncState);
 		}
 
 		public virtual void EndAuthenticateAsServer (IAsyncResult asyncResult)
 		{
-			Impl.EndAuthenticateAsServer (asyncResult);
+			TaskToApm.End (asyncResult);
 		}
 
 		public TransportContext TransportContext => null;
 
 		public virtual Task AuthenticateAsClientAsync (string targetHost)
 		{
-			return Impl.AuthenticateAsClientAsync (targetHost);
+			return Impl.AuthenticateAsClientAsync (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false);
 		}
 
 		public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
@@ -287,12 +294,12 @@ namespace System.Net.Security
 		{
 			SetAndVerifyValidationCallback (sslClientAuthenticationOptions.RemoteCertificateValidationCallback);
 			SetAndVerifySelectionCallback (sslClientAuthenticationOptions.LocalCertificateSelectionCallback);
-			return Impl2.AuthenticateAsClientAsync (new MNS.MonoSslClientAuthenticationOptions (sslClientAuthenticationOptions), cancellationToken);
+			return Impl.AuthenticateAsClientAsync (new MNS.MonoSslClientAuthenticationOptions (sslClientAuthenticationOptions), cancellationToken);
 		}
 
 		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate)
 		{
-			return Impl.AuthenticateAsServerAsync (serverCertificate);
+			return Impl.AuthenticateAsServerAsync (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
 		}
 
 		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
@@ -307,7 +314,7 @@ namespace System.Net.Security
 
 		public Task AuthenticateAsServerAsync (SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
 		{
-			return Impl2.AuthenticateAsServerAsync (CreateAuthenticationOptions (sslServerAuthenticationOptions), cancellationToken);
+			return Impl.AuthenticateAsServerAsync (CreateAuthenticationOptions (sslServerAuthenticationOptions), cancellationToken);
 		}
 
 		public virtual Task ShutdownAsync ()
@@ -471,27 +478,16 @@ namespace System.Net.Security
 			Impl.Write (buffer, offset, count);
 		}
 
-		// [HostProtection (ExternalThreading=true)]
-		public override IAsyncResult BeginRead (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
+		public override Task<int> ReadAsync (byte[] buffer, int offset, int count, CancellationToken cancellationToken)
 		{
-			return Impl.BeginRead (buffer, offset, count, asyncCallback, asyncState);
+			return Impl.ReadAsync (buffer, offset, count, cancellationToken);
 		}
 
-		public override int EndRead (IAsyncResult asyncResult)
+		public override Task WriteAsync (byte[] buffer, int offset, int count, CancellationToken cancellationToken)
 		{
-			return Impl.EndRead (asyncResult);
+			return Impl.WriteAsync (buffer, offset, count, cancellationToken);
 		}
 
-		// [HostProtection (ExternalThreading=true)]
-		public override IAsyncResult BeginWrite (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
-		{
-			return Impl.BeginWrite (buffer, offset, count, asyncCallback, asyncState);
-		}
-
-		public override void EndWrite (IAsyncResult asyncResult)
-		{
-			Impl.EndWrite (asyncResult);
-		}
 #else // !SECURITY_DEP
 		const string EXCEPTION_MESSAGE = "System.Net.Security.SslStream is not supported on the current platform.";
 
diff --git a/mcs/class/System/System.Net/HttpWebRequest.cs b/mcs/class/System/System.Net/HttpWebRequest.cs
index 9a305810d01..75982d033df 100644
--- a/mcs/class/System/System.Net/HttpWebRequest.cs
+++ b/mcs/class/System/System.Net/HttpWebRequest.cs
@@ -114,7 +114,7 @@ namespace System.Net
 		static RequestCachePolicy defaultCachePolicy;
 		int readWriteTimeout = 300000; // ms
 #if SECURITY_DEP
-		MonoTlsProvider tlsProvider;
+		MobileTlsProvider tlsProvider;
 		MonoTlsSettings tlsSettings;
 #endif
 		ServerCertValidationCallback certValidationCallback;
@@ -166,7 +166,7 @@ namespace System.Net
 		}
 
 #if SECURITY_DEP
-		internal HttpWebRequest (Uri uri, MonoTlsProvider tlsProvider, MonoTlsSettings settings = null)
+		internal HttpWebRequest (Uri uri, MobileTlsProvider tlsProvider, MonoTlsSettings settings = null)
 			: this (uri)
 		{
 			this.tlsProvider = tlsProvider;
@@ -265,7 +265,7 @@ namespace System.Net
 		}
 
 #if SECURITY_DEP
-		internal MonoTlsProvider TlsProvider {
+		internal MobileTlsProvider TlsProvider {
 			get { return tlsProvider; }
 		}
 
diff --git a/mcs/class/System/System.csproj b/mcs/class/System/System.csproj
index f66531b1a64..935e1d5d0c5 100644
--- a/mcs/class/System/System.csproj
+++ b/mcs/class/System/System.csproj
@@ -1088,6 +1088,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -1227,6 +1228,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -1321,6 +1323,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -1450,6 +1453,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -1574,6 +1578,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -1897,6 +1902,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -2369,6 +2375,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -2881,6 +2888,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -3381,6 +3389,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -3817,6 +3826,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -3954,6 +3964,7 @@
         <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
         <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
         <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+        <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
         <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
         <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -4107,6 +4118,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -4227,6 +4239,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -4368,6 +4381,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
@@ -4509,6 +4523,7 @@
             <Compile Include="Mono.Net.Security\ChainValidationHelper.cs" />
             <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
             <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+            <Compile Include="Mono.Net.Security\MobileTlsProvider.cs" />
             <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
             <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
diff --git a/mcs/class/System/common_networking.sources b/mcs/class/System/common_networking.sources
index 78cb8279c88..863fe62450f 100644
--- a/mcs/class/System/common_networking.sources
+++ b/mcs/class/System/common_networking.sources
@@ -6,6 +6,7 @@ Mono.Net.Security/CallbackHelpers.cs
 Mono.Net.Security/ChainValidationHelper.cs
 Mono.Net.Security/MobileAuthenticatedStream.cs
 Mono.Net.Security/MobileTlsContext.cs
+Mono.Net.Security/MobileTlsProvider.cs
 Mono.Net.Security/MonoSslAuthenticationOptions.cs
 Mono.Net.Security/MonoSslClientAuthenticationOptions.cs
 Mono.Net.Security/MonoSslServerAuthenticationOptions.cs
author	Martin Baulig <mabaul@microsoft.com>	2019-10-24 20:42:54 +0300
committer	Alexander Köplinger <alex.koeplinger@outlook.com>	2019-10-24 20:42:54 +0300
commit	1553889bc54f87060158febca7e6b8b9910975f8 (patch)
tree	b6565f378f3432404961bcb66e594cb73824feb3
parent	638e2c6a8614d25aad591112d3414e28641b97e0 (diff)