
github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
authorMartin Baulig <martin.baulig@xamarin.com>2016-05-10 20:37:51 +0300
committerMartin Baulig <martin.baulig@xamarin.com>2016-05-10 20:40:33 +0300
commit5a701f39c7d914c5a04da2d33f806b0709b67a5a (patch)
tree63d69d47f70779d813485e57f79a897183c791a1 /mcs/class/System/System.Security.Cryptography.X509Certificates
parent22f277ad8dffa2e1fa3697fb201dfc8f4ddccf32 (diff)
[System]: Lazy-init X509ChainPolicy.ExtraStore when called from SystemCertificateValidator. Fixes #40899.
AppleTLS supports a lazily-initialized X509Certificate, but not X509Certificate2 so we need to fall-back to using Mono.Security.X509 whenever we need an X509Certificate2. To avoid unnecessary fallbacks, the private Mono.Net.Security APIs use X509Certificate instead of X509Certificate2. Since 'ExtraStore' returns X509Certificate2Collection, we need to convert these to X509Certificate2. (cherry picked from commit 05e2372339b8d0b6065376096216b91098c88a8b)
Diffstat (limited to 'mcs/class/System/System.Security.Cryptography.X509Certificates')
-rw-r--r--mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs36
1 files changed, 33 insertions, 3 deletions
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
index 86d4aee925e..1dc234575b8 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
@@ -35,7 +35,8 @@ namespace System.Security.Cryptography.X509Certificates {
private OidCollection apps;
private OidCollection cert;
- private X509Certificate2Collection store;
+ private X509CertificateCollection store;
+ private X509Certificate2Collection store2;
private X509RevocationFlag rflag;
private X509RevocationMode mode;
private TimeSpan timeout;
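Review bot: The field names `store` and `store2` do not tell a reader which one is the source and which is the derived cache, and the getter later has to null-check `store`. A one-line comment on each declaration would remove the guesswork, for example `// certificates handed to the internal constructor; null for the public one` on `store` and `// ExtraStore value, built from 'store' on first access` on `store2`.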
@@ -49,6 +50,24 @@ namespace System.Security.Cryptography.X509Certificates {
Reset ();
}
+ /*
+ * Lazy-init ExtraStore from X509CertificateCollection.
+ * This is called from Mono.Net.Security.SystemCertificateValidator.CreateX509Chain.
+ *
+ * AppleTLS supports a lazily-initialized X509Certificate, but not X509Certificate2 so
+ * we need to fall-back to using Mono.Security.X509 whenever we need an X509Certificate2.
+ * To avoid unnecessary fallbacks, the private Mono.Net.Security APIs use X509Certificate
+ * instead of X509Certificate2.
+ *
+ * Since 'ExtraStore' returns X509Certificate2Collection, we need to convert these to
+ * X509Certificate2.
+ */
+ internal X509ChainPolicy (X509CertificateCollection store)
+ {
+ this.store = store;
+ Reset ();
+ }
+
// properties
public OidCollection ApplicationPolicy {
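Review bot: The block comment on the new internal constructor explains why `X509CertificateCollection` is accepted, but not that the argument is kept by reference and only copied when `ExtraStore` is first read. Changes the caller makes to the collection before that first read end up in the chain policy, and changes made afterwards are ignored. I would add a line such as `* The collection is held by reference and converted once, on the first ExtraStore access; null is treated as empty.` so callers in Mono.Net.Security know when the contents are snapshotted.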
@@ -60,7 +79,18 @@ namespace System.Security.Cryptography.X509Certificates {
}
public X509Certificate2Collection ExtraStore {
- get { return store; }
+ get {
+ if (store2 != null)
+ return store2;
+
+ store2 = new X509Certificate2Collection ();
+ if (store != null) {
+ foreach (var cert in store) {
+ store2.Add (new X509Certificate2 (cert));
+ }
+ }
+ return store2;
+ }
}
public X509RevocationFlag RevocationFlag {
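Review bot: The getter assigns `store2` before the conversion loop runs, so if `new X509Certificate2 (cert)` throws for one entry, the partially filled collection stays cached and every later read of `ExtraStore` silently returns it. These certificates feed chain building, so I would fill a local and publish it only once it is complete: `var converted = new X509Certificate2Collection ();`, add into `converted`, then `store2 = converted;` just before the return. The loop variable `cert` also shadows the `cert` OidCollection field declared in the first hunk; a name such as `extra` avoids that.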
@@ -106,7 +136,7 @@ namespace System.Security.Cryptography.X509Certificates {
{
apps = new OidCollection ();
cert = new OidCollection ();
- store = new X509Certificate2Collection ();
+ store2 = null;
rflag = X509RevocationFlag.ExcludeRoot;
mode = X509RevocationMode.Online;
timeout = TimeSpan.Zero;
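Review bot: Setting only `store2 = null` means that for a policy built through the new internal constructor, a reset no longer empties `ExtraStore`. The next read converts everything still held in `store` again, whereas the removed line `store = new X509Certificate2Collection ()` left the property empty. If restoring the constructor's certificates is intended, say so next to the assignment, e.g. `// 'store' is kept: ExtraStore is rebuilt from it on next access`. If a reset should really clear the extra certificates, set `store = null` here as well and move `this.store = store;` after the `Reset ()` call in the constructor. The method signature is outside this hunk; I am assuming this body is `Reset ()`, which the constructors call.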