Age | Commit message (Collapse) | Author |
|
### Overview
After the removal of the Legacy TLS Provider, we can make some cleanups and improvements to the `SslStream` class. Since both the remaining providers use the internal `MobileAuthenticatedStream` and support Task-async code, we can get rid of some of the Begin/End async logic and the the underlying
`Stream` class handle it instead.
This also fixes a nasty issue with some of those task objects leaking unobserved exceptions. The problem was that `SslStream.Dispose()` needs to clear out all resources, but in doing so also nulls out the `Impl` handle to the `MobileAuthenticatedStream` - so a subsequent `End*()` call will not reach it's corresponding `TaskToApm.End()` method.
There are also some cleanups in the internal APIs that were only ever used internally and not intended for public consumption.
### Mono.Security.dll
* `Mono.Security.Interface`: removed internal `ICertificateValidator2` interface.
* `Mono.Security.Interface.IMonoSslStream`: this internal interface is only used by the web-tests, which only use it as a way to get the `SslStream` instance, so all those `Begin/End` async methods are now gone.
* `Mono.Security.Interface.IMonoSslStream2`: removed another internal interface.
* `Mono.Security.Interface.MonoTlsProvider`: removed some `internal abstract` methods; these have been moved into a new `Mono.Net.Security.MobileTlsProvider` inside `System.dll`.
### System.dll
* `Mono.Net.Security.MobileTlsProvider`:
New abstract internal base class, which received the aforementioned abstract internal methods. The naming is such to make it consistent with the already existing `MobileTlsContext` and `MobileAuthenticatedStream`.
Since both `AppleTlsProvider` and `BtlsProvider` now have an abstract internal base class inside `System.dll`, they can use the `ChainValidationHelper` class directly and we can also avoid some `Mono.Security` dances like for instance that `MonoSslPolicyErrors` enum.
This will also help make the code easier to read and maintainer.
* `Mono.AppleTls.AppleTlsProvider` and `Mono.Btls.MonoBtlsProvider`: change base class into `MobileTlsProvider` and reflect above mentioned overload changes.
* `Mono.AppleTls.AppleCertificateHelper`: use `ChainValidationHelper` as well.
* `Mono.Net.Security.ChainValidationHelper`: only implement `ICertificateValidator`.
The `ICertificateValidator` interface is still required because it is in use by the web-tests, but the previous `ICertificateValidator2` was an internal dance.
* `Mono.Net.Security.MobileAuthenticatedStream`: largely cleaned up this class.
- we now implement the current slimmer version of `IMonoSslStream`.
- moved all those overloads into `SslStream` that only fill in default values for some of their arguments and then call another overloaded version of their own.
- removed lots of `Begin/End` methods that are not used anymore.
* `Mono.Net.Security.MonoTlsProviderFactory`: use `MobileTlsStream` everywhere.
* `Mono.Net.Security.MonoTlsStream`: cleanup `SslStream` creation logic; instead of going throw `provider.CreateSslStream()`, we can now use an internal constructor directly, thus avoiding the `IMonoSslStream` interface while also making the code a lot easier to read and understand.
* `System.Net.Mail.SmtpClient`: same here.
* `System.Net.HttpWebRequest`: use `MobileTlsProvider`.
* `System.Net.Security.SslStream`: largely cleaned up this class.
- we now use `MobileAuthenticatedStream` directly instead of the `IMonoSslStream` interface and therefore could also get rid of `IMonoSslStream2`.
- cleanup constructor logic to allow the internal constructor being used with a `MobileTlsProvider` instead of going through `provider.CreateSslStream()`.
- all those overloads that are only filling in default values for some of their arguments before calling another overloaded version of their own now live here instead of in the `MobileAuthenticatedStream` class. The reason is to simply that `MobileAuthenticatedStream` is already quite a complex and difficult class, and removing some of that complexity out of it will make it easier to understand.
- handle the `TaskToApm.Begin()` / `TaskToApm.End()` here to ensure that we are not leaking any task objects with unobserved exceptions.
- removed `BeginRead()` and `BeginWrite()` overloads to let the underlying `Stream` class handle these.
* Bump API snapshot submodule
* [csproj] Update project files
|
|
* `MonoTlsProviderFactory` now treats "legacy" as an alias for "default".
* `Mono.Net.Security/LegacySslStream`: Removed. This class also wasn't using the `MobileAuthenticatedStream` base class, thus preventing cleanups simplifications in that area.
* `Mono.Net.Security/LegacyTlsProvider`: Removed.
* `Mono.Security/Mono.Security.Protocol.Tls*`: Removed all the old legacy code.
* `Mono.Security.Interface.MonoTlsProviderFactory`: Bump internal version to 4.
|
|
This PR prepares the upcoming removal of the Legacy TLS Provider.
- The internal (and soon-to-be-removed) class `MD5SHA1` has been moved and changed namespace.
- `Novell.Directory.Ldap.Connection` now uses `SslStream` instead of Legacy TLS, this ports the Novell Ldap library to use TLS 1.2, see #9363.
- Removed obsolete Ssl/Spnego authentication from `System.ServiceModel`.
- Removed duplicate copy of the Legacy TLS Provider from `System.ServiceModel`.
- Ported `System.Web.Mail.SmtpClient` to use `SslStream`.
- Removed the `Mono.Security.Protocol.Tls` documentation.
|
|
This is the second and final part to bring Client Certificate support.
It needs to be landed on top of #8753 and #8756.
* `Mono.Security.Interface.IMonoSslStream`: Add `CanRenegotiate` and `RenegotiateAsync()`.
* `Mono.Security.Interface.MonoTlsSettings`: Add `DisallowUnauthenticatedCertificateRequest`.
* `AppleTlsContext`: fully support renegotiation.
- we may now receive `SslStatus.PeerAuthCompleted` and `SslStatus.PeerClientCertRequested`
during `Read()`. It should in theory not happen during `Write()`, but I added it there
as well just to be on the safe side.
- `SetSessionOption()` may only be called before the initial handshake.
* `MobileAuthenticatedStream`: this is the major part of the work and the most complex one.
- added a new `Operation` enum to keep track of what is going on and detect invalid state.
- a renegotion may only be triggered while we're idle - that is no handshake, read or write
operation is currently active.
- `InternalWrite()` may now be called from `SSLRead()`, the new `Operation` tells us what
is currently happening.
- `ProcessHandshake()` now takes a `bool renegotiate` argument.
- added sanity checks to `ProcessRead()` and `ProcessWrite()`.
* `MobileTlsContext.SelectClientCertificate()`: check for
`MonoTlsSettings.DisallowUnauthenticatedCertificateRequest`
* `MonoTlsProviderFactory.InternalVersion`: bump the internal version number.
Tests have already been added to `web-tests/master`, they will auto-enable themselves when
using a Mono runtime that contains this code.
|
|
This is the first of two Pull Requests to implement Client Certificates :-)
Part One binds the new native APIs that will be used internally, finishes
the certificate selection callbacks, but without the more riskly changes
to the underlying handshake and I/O layer.
Part Two will bring support for TLS Renegotiation - and due to the required
changes in the underlying handshake, it is the more risky one.
* `Mono.Security.Interface.MonoTlsSettings`: Add `ClientCertificateIssuers`.
* `MobileTlsContext`:
- fully implement `SelectClientCertificate()`; the `acceptableIssuers` parameter
is now actually set and we also have a reasonable default selection.
- add `CanRenegotiate` and `RenegotiateAsync()` - these are not hooked up yet.
* `AppleTlsContext`:
- we will only ever call `RequirePeerTrust()` once per session, so we can
also remove it alltogether and just use `EvaluatePeerTrust()` instead.
- use proper exceptions for `SslStatus.PeerNoRenegotiation` and `PeerUnexpectedMsg`.
- don't call `SetClientSideAuthenticate()` on the client side.
- bind and hook up `SSLAddDistinguishedName()` and `SSLCopyDistinguishedNames()`.
- bind `SSLReHandshake()`.
* `MobileAuthenticatedStream`: minor cleanups; there will be more uses of the new
`GetInvalidNestedCallException()` helper class once Part Two lands.
* Enable some more constants in `SecureTransport.cs`.
* Add new `MonoBtlsError.GetErrorReason()` and `mono_btls_error_get_reason()`
implementation, only supporting `SSL_R_NO_RENEGOTIATION` at the moment.
* Add new native `mono_btls_ssl_ctx_set_client_ca_list()` function and managed
`MonoBtlsSslCtx.SetClientCertificateIssuers()`; hooked up via
`MonoTlsSettings.ClientCertificateIssuers`.
* According to a comment in the header file, `SSL_get_client_CA_list()` may only
be called during the selection callback or while the handshake is paused.
To respect this restriction, we now call it during the client certificate
selection callback and pass the list from native to managed.
- changed signature of `MonoBtlsSelectFunc` from
`int (* MonoBtlsSelectFunc) (void *instance)` to
`int (* MonoBtlsSelectFunc) (void *instance, int countIssuers, const int *sizes, void **issuerData)`.
- the managed counter-part is in `MonoBtlsSslCtx.NativeSelectFunc` / `NativeSelectCallback`.
* MonoBtlsContext:
- use the new `MonoBtlsError.GetErrorReason()` to throw a `TlsException` with
`AlertDescription.NoRenegotiation` that can be checked for by user code.
- `SelectCallback()` now has a `string[] acceptableIssuers` argument; pass it
to `SelectClientCertificate()`.
- the native backend does not support TLS Renegotiation, so `CanRenegotiate`
always returns false.
Implements #7075
|
|
* `SslStream`: Reject attempts of setting conflicting callbacks using both the
Mono-specific `MonoTlsSettings` and the new `SslClientAuthenticationOptions` /
`SslServerAuthenticationOptions`.
This makes it consistent with CoreFx behavior where those callbacks may only be
specified in one of the possible places.
* `ChainValidationHelper` - this internal class has received a major overhaul and
lots of old and unused code removed.
All callbacks are not invoked with the correct `sender` parameter to make it
match the .NET / CoreFx behavior.
* `Mono.Security.Interface.CertificateValidationHelper`: remove unused internal code.
|
|
* Bring `SslClientAuthenticationOptions`, `SslServerAuthenticationOptions`
and `SslApplicationProtocol` from CoreFX.
* SslStream: Added new public overloads from CoreFX:
- All authentication methods have a new overload without the `SslProtocols` argument.
- New `AuthenticateAsClientAsync(SslClientAuthenticationOptions,CancellationToken)`.
- New `AuthenticateAsServerAsync(SslServerAuthenticationOptions,CancellationToken)`.
- We now use `SecurityProtocol.SystemDefaultSecurityProtocols` (which is zero) as
default value everywhere.
Everything below is internal:
* `Mono.Security.Interface`: Add internal `MonoServerCertificateSelectionCallback`,
`IMonoAuthenticationOptions`, `IMonoSslClientAuthenticationOptions` and
`IMonoSslServerAuthenticationOptions`.
* `Mono.Security.Interface.IMonoSslStream`: Add new overloads without the
`SslProtocols` argument.
* `Mono.Security.Interface.IMonoSslStream2`: New internal interface, extending
`IMonoSslStream` with the new internal APIs.
* `Mono.Net.Security`: New internal `MonoSslAuthenticationOptions`,
`MonoSslClientAuthenticationOptions` and `MonoSslServerAuthenticationOptions`
classes; these are just proxies for `SslClientAuthenticationOptions` and
`SslServerAuthenticationOptions` (which unfortunately don't share a common
base class).
* `Mono.Net.Security.MobileAuthenticatedStream`:
- Implement `IMonoSslStream2`.
- `ProcessAuthentication()` now takes `MonoSslAuthenticationOptions` instead
of the old argument list, added `CancellationToken`.
- All `IMonoSslStream` facing APIs now construct `MonoSslAuthenticationOptions`
to pass it to `ProcessAuthentication()`.
* `Mono.Net.Security`: `MobileTlsContext` and `MobileTlsStream` now use
`MonoSslAuthenticationOptions` to store all options.
Tests for the new APIs are in https://github.com/xamarin/web-tests/commit/fe347589326206f36d3cd42b59d305ff3c291857.
|
|
* [System]: Free ServicePoints when they're no longer used.
* Cleanup.
* Don't crash when ServicePoint.CloseConnectionGroup() is called after the ServicePoint has been freed.
* Remove the CloseConnectionGroupConcurrency() test.
This test was for a regression in a piece of code that no longer exist
and the test is poorly designed as it depends on precise timings.
It also attempts to make a web request to a non-exisiting server and
just ignores the error - it is unclear whether that is intentional or not.
|
|
|
|
(#5569)
* Mono.Security.Interface.IMonoSslStream: removed Flush().
* Mono.Net.Security.MobileAuthenticatedStream: Flush() now calls `InnerStream.Flush ()'.
* System.Net.Security.SslStream: Flush() now calls `InnerStream.Flush ()'.
* System.Net.Security.SslStream: fix `CanRead`, `CanWrite` and `CanTimeout` logic.
|
|
constant. (#5568)
Internal version number (not in any way related to the TLS Version).
Used by the web-tests to check whether the current Mono contains certain
features or bug fixes.
Negative version numbers are reserved for martin work branches.
|
|
* [Mono.Security]: Remove some unused `Mono.Security.Interface` classes.
* Mono.Security.Interface: removed `IBufferOffsetSize` and `BufferOffsetSize`
(these were not general-purpose BOS APIs, but depend on the internal
`SecretParameters` class).
* Mono.Security.Interface: removed `SecretParameters`, `SecureBuffer`,
`IMonoTlsEventSink`, `TlsBuffer` and `TlsMultiBuffer`.
* Bump API snapshot submodule
|
|
'MonoTlsSettings.SendCloseNotify'. (#5465)
Only send close_notify when using BTLS and explicitly requested via 'MonoTlsSettings.SendCloseNotify'.
|
|
* [Mono.Security]: Add missing IMonoSslStream.WriteAsync() method.
* Cosmetic.
* [System]: MonoTlsStream: put implementation inside #SECURITY_DEP, not the entire class.
|
|
* [System]: Correctly implement close and shutdown in SslStream.
* Cleanup.
* Cosmetic.
* More ReferenceSources/SR2.cs into common.sources to make it build.
|
|
`IMonoSslStream` (#4756)
* [Mono.Security.Interface]: Improve synergy between `MonoTlsProvider`, `SslStream` and `IMonoSslStream`.
* Add `IMonoSslStream.SslStream` property; the `IMonoSslStream` is now only created my the `SslStream`
constructor, so `SslStream` "owns" the `IMonoSslStream`.
* Add internal `MonoTlsProvider.CreateSslStreamInternal()`.
* `SslStream` does not need to implement any additional interfaces; we can do without after
getting rid of the wrapper classes.
* Add internal `SslStream.CreateMonoSslStream(Stream,bool,MonoTlsProvider,MonoTlsSettings)`.
* `MonoTlsProvider.CreateSslStream()` implementations should use this new method.
* Remove ancient obsolete MonoTlsProviderFactory APIs.
* `HttpListener` and `HttpConnection` now use `SslStream` instead of `IMonoSslStream`.
* [System]: Cleanup internal TLS Provider registration.
* Make it build.
|
|
MonoTlsProviderFactory.GetMonoSslStream(HttpListenerContext). (#4749)
* [System]: Cleanup 'SECURITY_DEP' conditionals in the internal TLS code.
* [System]: Remove 'Mono.Net.Security.IMonoSslStream'; use 'Mono.Security.Interface.IMonoSslStream' instead.
* [System]: Remove 'Mono.Net.Security.IMonoTlsProvider'; use 'Mono.Security.Interface.MonoTlsProvider' instead.
* [System]: Cleanup internal TLS code.
* [Mono.Security]: Add MonoTlsProviderFactory.GetSslStream(HttpListenerContext).
* [System]: `SslStream' should not implement any additional interfaces.
|
|
* [BTLS]: Cleanup certificate store initialization.
* Kill unused MonoBtlsX509Store.AddTrustedRoots().
* In server-mode, MonoBtlsProvider.SetupCertificateStore() now only adds
certificates explicitly trused via MonoTlsSettings.TrustAnchors.
* MonoTlsProvider.ValidateCertificate() - which is called from
X509Certificate2.Verify() via X509CertificateImplBtls.Verify() - now
uses MonoTlsSettings.DefaultSettings and assumes client-mode.
* [appletls]: Actually use the new code that was added in PR #4671.
* [btls]: Add new MonoTlsSettings.CertificateValidationTime property.
This allows you to set a custom time for certificate expiration checks.
* [appletls]: Bind SecTrustSetVerifyDate() and check MonoTlsSettings.CertificateValidationTime.
|
|
|
|
* [btls]: Add option to specify the certificate search paths.
* MonoTlsSettings.CertificateSearchPaths: new property.
Valid values are
- @default - add default search paths
- @user - add default user search path
- @machine - add default machine search path
- @trust - add 'MonoTlsSettings.TrustedRoots'
- @pem:<directory> - custom directory containing certificates in PEM format
- @der:<directory> - same, in DER format
* Make it internal for the moment.
* Cosmetic; use "?.".
|
|
It's very confusing to get an "obsolete" warning
without knowing what to replace the API with.
|
|
(#3674)
* [Mono.Security]: Remove Mono.Security.Interface.IMonoTlsContext.
This interface is not actually used anywhere anymore, so we can also
just get rid of it.
* [System]: Removed unused private TLS classes.
* [Mono.Security]: Cleanup the MonoTlsProvider's certificate validation code.
Each TLS Provider now has its own certificate validator and there is no
automatic fallback anymore. We only have three different TLS Providers,
"legacy", "appletls" and "btls" - and legacy is the only one which used
the managed validator. Both AppleTls and BTLS provider their own validator,
which invokes some native API.
All of the following were internal APIs.
* MonoTlsProvider.HasCustomSystemCertificateValidator has been removed.
* MonoTlsProvider.InvokeSystemCertificateValidator() has been renamed
into ValidateCertificate() and is now abstract.
(cherry picked from commit 63c0803b2b60ccf50cc16ae93cc70443ccf364f2)
|
|
(cherry picked from commit fcc570920db2d63cee0c9a00c03b8b0dad6e6df5)
|
|
The "global" TLS Provider (returned by MonoTlsProviderFactory.GetProvider())
may only be modified at application startup (before any of the TLS / Certificate
code has been used).
* MonoTlsProviderFactory.HasProvider has been removed.
This property used to initialize the TLS Subsystem without throwing any
exceptions. However, properties with side-effects is a bad design principle.
* Add MonoTlsProviderFactory.IsInitialized.
Does not have any side-effects.
* Add MonoTlsProviderFactory.Initialize() and Initialize(string).
May only be called at application startup and explicitly initializes the
TLS Subsystem.
* Rename MonoTlsProviderFactory.GetDefaultProvider() into GetProvider()
and removed MonoTlsProviderFactory.GetCurrentProvider().
We do not distinguish between a "default" and a "current" provider anymore;
there is only one "global" provider.
* Add MonoTlsProviderFactory.IsProviderSupported(string).
Checks whether a specific TLS Provider is supported, without having side-effects.
* Make the old APIs [Obsolete] until products have been updated.
* Add some documentation to MonoTlsProviderFactory.
(cherry picked from commit 7c3ae83b31a2456d00daf2949706719e3e694d15)
|
|
* CertificateValidationHelper.GetDefaultValidator(): rename this internal method into
GetInternalValidator() (keeping the old as [Obsolete] until products have been updated).
* CertificateValidationHelper.GetValidator(): remove the 'provider' argument.
This is part of a set of cleanups and simplifications for the upcoming BTLS integration.
|
|
|
|
(cherry picked from commit 0bafe8c3c7aaa58d28bbea51fe8756e053718c68)
|
|
(cherry picked from commit b919768e1af329ad56e034239dcc91dd634df9d9)
|
|
The overloaded GetValidator() which takes both 'MonoTlsSettings'
and 'MonoTlsProvider' is actually used by the test suite, so let's
keep it public.
(cherry picked from commit 0977d531d2579c9051a6a2e6d0cb47e4f720bea4)
|
|
(cherry picked from commit c02a885bd62631c4ff5cde5443f1b1e0cdccc237)
|
|
* Mono.Security.Interface.ICertificateValidator2:
new internal interface, deriving from ICertificateValidator.
* Mono.Security.Interface.CertificateValidationHelper:
the internal GetValidator() now returns ICertificateValidator2.
* Mono.Security.Interface.MonoTlsProvider:
make HasCustomSystemCertificateValidator and InvokeSystemCertificateValidator()
internal and use ICertificateValidator2.
* Mono.Net.Security.ChainValidator:
implement ICertificateValidator2; we may now be called with a
fully-built X509Chain.
* corlib, System, Mono.Security:
add [assembly: InternalsVisibleTo].
|
|
takes 'ref X509Chain'.
|
|
'bool?'.
The default value is 'true' when using HttpWebRequest, but false when using SslStream
directly.
(cherry picked from commit c871ff63ff09e0472fe268373237373df9739837)
|
|
Similar to 'SetDefaultProvider(string)', but return the provider instead
of installing it.
(cherry picked from commit 024241f424062a41f35061cd851f0923e25f16c7)
|
|
(cherry picked from commit 79c7c38cc608f3fe896c450131f42dfeddf0d3b4)
|
|
(cherry picked from commit 2d945d75bb1abb3a750e6fa2bc0facb768228dbb)
|
|
|
|
|
|
|
|
consistent with the other mobile profiles.
|
|
|
|
|
|
|
|
(cherry picked from commit 6609e2719437fe2bc20546908053fb4c4f7f80d2)
|
|
'IMonoSslStream' and make it an interface.
(cherry picked from commit aa2166908a4c377d423b05aa75bc021e45d94c06)
|
|
The following general-purpose enums and exception helpers were moved
here from Mono.Security.NewTls.Interface, which is going away.
* Alert, CipherAlgorithmType, CipherSuiteCode, ExchangeAlgorithmType,
HashAlgorithmType, TlsConnectionInfo, TlsException, TlsProtocolCode,
TlsProtocols.
* TlsConnectionInfo has been merged into MonoTlsConnectionInfo.
Note that you may not use 'using' statements for both 'Mono.Security.Interface'
and 'System.Security.Authentication' due to conflicting types. Use a prefix such as
"using MSI = Mono.Security.Interface;" or "using SSA = System.Security.Authentication;"
if you need both namespaces.
(cherry picked from commit af05134433c658c93f82c6f4d47b93bb4b83257f)
|
|
* MonoTlsSettings: Add static 'DefaultSettings' and CopyDefaultSettings().
* MonoTlsProvider: Add 'ID' and 'Name' properties.
(cherry picked from commit 51226c86f9f402e7bf09aefeeac7c24ca52bfdbd)
|
|
ICertificateValidator.InvokeSystemValidator and MonoTlsProvider.InvokeSystemCertificateValidator.
On OS X and Mobile, the X509Chain will be initialized with all the
certificates from the X509CertificateCollection, but not actually
built.
ServicePointManager.ServerCertificateValidationCallback can use the 'chain' argument
to get all the certificates from the server.
(cherry picked from commit 73e37f0ecfd403780d60f36d8b0d68f27987b256)
|
|
'MonoTlsSettings.UseServicePointManagerCallback' is supposed to be true.
This fixes a regression where ServicePointManager.ServerCertificateValidationCallback
was not called when using WebClient.
(cherry picked from commit 5022db1956cd7dbde46928473800ff5b5e6b651e)
|
|
`Mono.Security.Interface.ICertificateValidator'.
* ICertificateValidator.SelectClientCertificate(): return bool, indicating whether
a certificate has been selected or the caller should use its default
implementation (if it has any).
* ICertificateValidator.ValidateCertificate(): new common function for both client
and server certificates; replaces ValidateChain() and ValidateClientCertificate().
* MonoTlsProvider.InvokeSystemCertificateValidator(): return bool, indicating whether
the certificate has been validator or the default system validator should be used.
(cherry picked from commit 42421eec1e91cbcb09a531a77df296da9e5e9f5d)
|