[Mono.Security]: Add 'MonoTlsSettings.TrustAnchors' and 'CertificateValidationHelper.SupportsTrustAnchors'.

This is currently only supported on iOS and Mac (check 'CertificateValidationHelper.SupportsTrustAnchors')
and will pass a set of trusted root certificates to the OS validation function.  Use for self-signed
certificates instead of providing a custom callback.

1 files changed, 16 insertions, 1 deletions

diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs b/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
index 95c37210282..e2c9a05c158 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
@@ -99,13 +99,24 @@ namespace Mono.Security.Interface
 	{
 		const string SecurityLibrary = "/System/Library/Frameworks/Security.framework/Security";
 		static readonly bool noX509Chain;
+		static readonly bool supportsTrustAnchors;
 
 		static CertificateValidationHelper ()
 		{
 			#if MONOTOUCH || XAMMAC
 			noX509Chain = true;
+			supportsTrustAnchors = true;
+			#elif MONODROID
+			noX509Chain = true;
+			supportsTrustAnchors = false;
 			#else
-			noX509Chain = File.Exists (SecurityLibrary);
+			if (File.Exists (SecurityLibrary)) {
+				noX509Chain = true;
+				supportsTrustAnchors = true;
+			} else {
+				noX509Chain = false;
+				supportsTrustAnchors = false;
+			}
 			#endif
 		}
 
@@ -113,6 +124,10 @@ namespace Mono.Security.Interface
 			get { return !noX509Chain; }
 		}
 
+		public static bool SupportsTrustAnchors {
+			get { return supportsTrustAnchors; }
+		}
+
 		internal static ICertificateValidator GetDefaultValidator (MonoTlsSettings settings)
 		{
 			return (ICertificateValidator)NoReflectionHelper.GetDefaultCertificateValidator (settings);