Diffstat (limited to 'csharp/src')
-rw-r--r--csharp/src/IceSSL/Instance.cs2
-rw-r--r--csharp/src/IceSSL/Plugin.cs2
-rw-r--r--csharp/src/IceSSL/SSLEngine.cs6
-rw-r--r--csharp/src/IceSSL/TransceiverI.cs20
-rw-r--r--csharp/src/IceSSL/TrustManager.cs6
-rw-r--r--csharp/src/IceSSL/Util.cs15
6 files changed, 13 insertions, 38 deletions
diff --git a/csharp/src/IceSSL/Instance.cs b/csharp/src/IceSSL/Instance.cs
index de4804443d2..d3de34f4ff1 100644
--- a/csharp/src/IceSSL/Instance.cs
+++ b/csharp/src/IceSSL/Instance.cs
@@ -60,7 +60,7 @@ namespace IceSSL
_engine.traceStream(stream, connInfo);
}
- internal void verifyPeer(string address, NativeConnectionInfo info, string desc)
+ internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc)
{
_engine.verifyPeer(address, info, desc);
}
diff --git a/csharp/src/IceSSL/Plugin.cs b/csharp/src/IceSSL/Plugin.cs
index 6340f71df5c..63647d31a63 100644
--- a/csharp/src/IceSSL/Plugin.cs
+++ b/csharp/src/IceSSL/Plugin.cs
@@ -22,7 +22,7 @@ namespace IceSSL
// Return true to allow a connection using the provided certificate
// information, or false to reject the connection.
//
- bool verify(NativeConnectionInfo info);
+ bool verify(IceSSL.ConnectionInfo info);
}
/// <summary>
diff --git a/csharp/src/IceSSL/SSLEngine.cs b/csharp/src/IceSSL/SSLEngine.cs
index a958d117ec6..4b7288808bc 100644
--- a/csharp/src/IceSSL/SSLEngine.cs
+++ b/csharp/src/IceSSL/SSLEngine.cs
@@ -477,14 +477,14 @@ namespace IceSSL
_logger.trace(_securityTraceCategory, s.ToString());
}
- internal void verifyPeer(string address, NativeConnectionInfo info, string desc)
+ internal void verifyPeer(string address, IceSSL.ConnectionInfo info, string desc)
{
- if(_verifyDepthMax > 0 && info.nativeCerts != null && info.nativeCerts.Length > _verifyDepthMax)
+ if(_verifyDepthMax > 0 && info.certs != null && info.certs.Length > _verifyDepthMax)
{
string msg = (info.incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.nativeCerts.Length + ") exceeds maximum of " +
+ "length of peer's certificate chain (" + info.certs.Length + ") exceeds maximum of " +
_verifyDepthMax + "\n" + desc;
if(_securityTraceLevel >= 1)
{
diff --git a/csharp/src/IceSSL/TransceiverI.cs b/csharp/src/IceSSL/TransceiverI.cs
index ea026ef098a..a10f62abf45 100644
--- a/csharp/src/IceSSL/TransceiverI.cs
+++ b/csharp/src/IceSSL/TransceiverI.cs
@@ -66,22 +66,14 @@ namespace IceSSL
List<string> certs = new List<string>();
if(_chain.ChainElements != null && _chain.ChainElements.Count > 0)
{
- _nativeCerts = new X509Certificate2[_chain.ChainElements.Count];
+ _certs = new X509Certificate2[_chain.ChainElements.Count];
for(int i = 0; i < _chain.ChainElements.Count; ++i)
{
- X509Certificate2 cert = _chain.ChainElements[i].Certificate;
- _nativeCerts[i] = cert;
-
- StringBuilder s = new StringBuilder();
- s.Append("-----BEGIN CERTIFICATE-----\n");
- s.Append(Convert.ToBase64String(cert.Export(X509ContentType.Cert)));
- s.Append("\n-----END CERTIFICATE-----");
- certs.Add(s.ToString());
+ _certs[i] = _chain.ChainElements[i].Certificate;
}
}
- _certs = certs.ToArray();
- _instance.verifyPeer(_host, (NativeConnectionInfo)getInfo(), ToString());
+ _instance.verifyPeer(_host, (ConnectionInfo)getInfo(), ToString());
if(_instance.securityTraceLevel() >= 1)
{
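Review bot: `_certs` is now assigned only inside the `ChainElements` check, so as far as this hunk shows it stays null when the peer presents no chain, whereas the old code always ended with `_certs = certs.ToArray()` and exposed an empty array. The in-tree consumers in this commit test `info.certs != null`, but verifier code ported from the old string-typed `certs` field may assume it is non-null. Either assign `_certs = new X509Certificate2[0];` before the `if`, or add a comment on the field stating that null means the peer supplied no certificate. The context line `List<string> certs = new List<string>();` no longer has any use on the new side and can be removed. The enclosing method starts and ends outside the hunk.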
@@ -331,14 +323,13 @@ namespace IceSSL
public Ice.ConnectionInfo getInfo()
{
- NativeConnectionInfo info = new NativeConnectionInfo();
+ ConnectionInfo info = new ConnectionInfo();
info.underlying = _delegate.getInfo();
info.incoming = _incoming;
info.adapterName = _adapterName;
info.cipher = _cipher;
info.certs = _certs;
info.verified = _verified;
- info.nativeCerts = _nativeCerts;
return info;
}
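Review bot: `info.certs = _certs;` gives every caller of `getInfo()` the transceiver's own array, so a caller that overwrites an element also changes what later `getInfo()` results report for this connection. The old `nativeCerts` field was shared the same way, but `certs` is now the only certificate view and is what `verifyPeer` and the trust manager read. Handing out a copy keeps the recorded chain stable: `info.certs = _certs == null ? null : (X509Certificate2[])_certs.Clone();`. This is a shallow copy, so the certificate objects themselves remain shared.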
@@ -771,8 +762,7 @@ namespace IceSSL
private int _maxSendPacketSize;
private int _maxRecvPacketSize;
private string _cipher;
- private string[] _certs;
+ private X509Certificate2[] _certs;
private bool _verified;
- private X509Certificate2[] _nativeCerts;
}
}
diff --git a/csharp/src/IceSSL/TrustManager.cs b/csharp/src/IceSSL/TrustManager.cs
index 98697dd0942..e5f69a474c7 100644
--- a/csharp/src/IceSSL/TrustManager.cs
+++ b/csharp/src/IceSSL/TrustManager.cs
@@ -57,7 +57,7 @@ namespace IceSSL
}
}
- internal bool verify(NativeConnectionInfo info, string desc)
+ internal bool verify(IceSSL.ConnectionInfo info, string desc)
{
List<List<List<RFC2253.RDNPair>>> reject = new List<List<List<RFC2253.RDNPair>>>(),
accept = new List<List<List<RFC2253.RDNPair>>>();
@@ -127,9 +127,9 @@ namespace IceSSL
//
// If there is no certificate then we match false.
//
- if(info.nativeCerts != null && info.nativeCerts.Length > 0)
+ if(info.certs != null && info.certs.Length > 0)
{
- X500DistinguishedName subjectDN = info.nativeCerts[0].SubjectName;
+ X500DistinguishedName subjectDN = info.certs[0].SubjectName;
string subjectName = subjectDN.Name;
Debug.Assert(subjectName != null);
try
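Review bot: The subject-DN match reads `info.certs[0]` on the assumption that element 0 is the peer's own certificate, and the only place that stated this ordering was the `nativeCerts` doc comment this commit deletes from Util.cs. I would add a comment above the lookup, for example `// certs[0] is the peer's own certificate; the remaining entries are its issuers.`, unless the `ConnectionInfo.certs` declaration (not visible here) already documents it. Note also that `Debug.Assert(subjectName != null)` is compiled out of release builds, so it is not a runtime guard. The enclosing `verify` method continues past the end of the hunk.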
diff --git a/csharp/src/IceSSL/Util.cs b/csharp/src/IceSSL/Util.cs
index 242c596febb..30ca194b8e2 100644
--- a/csharp/src/IceSSL/Util.cs
+++ b/csharp/src/IceSSL/Util.cs
@@ -13,21 +13,6 @@ namespace IceSSL
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
- /// <summary>
- /// This class provides information about a connection to applications
- /// that require information about a peer, for example, to implement
- /// a CertificateVerifier.
- /// </summary>
- public sealed class NativeConnectionInfo : ConnectionInfo
- {
- /// <summary>
- /// The certificate chain. This may be null if the peer did not
- /// supply a certificate. The peer's certificate (if any) is the
- /// first one in the chain.
- /// </summary>
- public X509Certificate2[] nativeCerts;
- }
-
public sealed class Util
{
public static X509Certificate2 createCertificate(string certPEM)