/
SslCertificateTrust.xml
131 lines (122 loc) · 8.99 KB
/
SslCertificateTrust.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
<Type Name="SslCertificateTrust" FullName="System.Net.Security.SslCertificateTrust">
<TypeSignature Language="C#" Value="public sealed class SslCertificateTrust" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit SslCertificateTrust extends System.Object" />
<TypeSignature Language="DocId" Value="T:System.Net.Security.SslCertificateTrust" />
<TypeSignature Language="VB.NET" Value="Public NotInheritable Class SslCertificateTrust" />
<TypeSignature Language="F#" Value="type SslCertificateTrust = class" />
<TypeSignature Language="C++ CLI" Value="public ref class SslCertificateTrust sealed" />
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Object</BaseTypeName>
</Base>
<Interfaces />
<Attributes>
<Attribute FrameworkAlternate="net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(0)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(0)>]</AttributeName>
</Attribute>
<Attribute FrameworkAlternate="net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.NullableContext(1)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.NullableContext(1)>]</AttributeName>
</Attribute>
</Attributes>
<Docs>
<summary>Represents a trust policy for use with SSL/TLS connections.</summary>
<remarks>To be added.</remarks>
</Docs>
<Members>
<Member MemberName="CreateForX509Collection">
<MemberSignature Language="C#" Value="public static System.Net.Security.SslCertificateTrust CreateForX509Collection (System.Security.Cryptography.X509Certificates.X509Certificate2Collection trustList, bool sendTrustInHandshake = false);" />
<MemberSignature Language="ILAsm" Value=".method public static hidebysig class System.Net.Security.SslCertificateTrust CreateForX509Collection(class System.Security.Cryptography.X509Certificates.X509Certificate2Collection trustList, bool sendTrustInHandshake) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslCertificateTrust.CreateForX509Collection(System.Security.Cryptography.X509Certificates.X509Certificate2Collection,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Shared Function CreateForX509Collection (trustList As X509Certificate2Collection, Optional sendTrustInHandshake As Boolean = false) As SslCertificateTrust" />
<MemberSignature Language="F#" Value="static member CreateForX509Collection : System.Security.Cryptography.X509Certificates.X509Certificate2Collection * bool -> System.Net.Security.SslCertificateTrust" Usage="System.Net.Security.SslCertificateTrust.CreateForX509Collection (trustList, sendTrustInHandshake)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="net-6.0">
<AttributeName Language="C#">[System.Runtime.Versioning.UnsupportedOSPlatform("windows")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.Versioning.UnsupportedOSPlatform("windows")>]</AttributeName>
</Attribute>
</Attributes>
<ReturnValue>
<ReturnType>System.Net.Security.SslCertificateTrust</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="trustList" Type="System.Security.Cryptography.X509Certificates.X509Certificate2Collection" />
<Parameter Name="sendTrustInHandshake" Type="System.Boolean" />
</Parameters>
<Docs>
<param name="trustList">The collection containing the trusted certificates.</param>
<param name="sendTrustInHandshake">
<see langword="true" /> for the server to send a list of trusted certificate authorities during the TLS handshake; <see langword="false" /> not to send the list.</param>
<summary>Creates a new <see cref="T:System.Net.Security.SslCertificateTrust" />.</summary>
<returns>Represents a trust policy.</returns>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
If the `sendTrustInHandshake` argument is `true`, the client can use the list of trusted certificate authorities from the server to select an appropriate client certificate. Sending trusted issuers list is not supported for `SslCertificateTrust` instances created using the `SslCertificaetTrust.CreateForX509Collection` in .NET 6.
Since .NET 7, the sending trusted issuers list is supported on Linux and OSX platforms.
> [!WARNING]
> The list of trusted CAs increases the size of the handshake message. It could also be viewed as an information leak about the system's configuration. For these reasons, we recommend setting `sendTrustInHandshake` to `false`.
]]></format>
</remarks>
<exception cref="T:System.PlatformNotSupportedException">
<paramref name="sendTrustInHandshake" /> is <see langword="true" /> and the current platform does not support sending trusted issuers list in handshake.
</exception>
</Docs>
</Member>
<Member MemberName="CreateForX509Store">
<MemberSignature Language="C#" Value="public static System.Net.Security.SslCertificateTrust CreateForX509Store (System.Security.Cryptography.X509Certificates.X509Store store, bool sendTrustInHandshake = false);" />
<MemberSignature Language="ILAsm" Value=".method public static hidebysig class System.Net.Security.SslCertificateTrust CreateForX509Store(class System.Security.Cryptography.X509Certificates.X509Store store, bool sendTrustInHandshake) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslCertificateTrust.CreateForX509Store(System.Security.Cryptography.X509Certificates.X509Store,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Shared Function CreateForX509Store (store As X509Store, Optional sendTrustInHandshake As Boolean = false) As SslCertificateTrust" />
<MemberSignature Language="F#" Value="static member CreateForX509Store : System.Security.Cryptography.X509Certificates.X509Store * bool -> System.Net.Security.SslCertificateTrust" Usage="System.Net.Security.SslCertificateTrust.CreateForX509Store (store, sendTrustInHandshake)" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Net.Security.SslCertificateTrust</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="store" Type="System.Security.Cryptography.X509Certificates.X509Store" />
<Parameter Name="sendTrustInHandshake" Type="System.Boolean" />
</Parameters>
<Docs>
<param name="store">The store containing the trusted certificates.</param>
<param name="sendTrustInHandshake">
<see langword="true" /> for the server to send a list of trusted certificate authorities during the TLS handshake; <see langword="false" /> not to send the list.</param>
<summary>Creates a new <see cref="T:System.Net.Security.SslCertificateTrust" />.</summary>
<returns>Represents a trust policy.</returns>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
If the `sendTrustInHandshake` argument is `true`, the client can use the list of trusted certificate authorities from the server to select an appropriate client certificate. In .NET 6, the list is only sent on Windows, and it depends on the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList" registry setting being set to 1. Since .NET 7, the list is sent on Linux and OSX platforms as well.
> [!WARNING]
> The list of trusted CAs increases the size of the handshake message. It could also be viewed as an information leak about the system's configuration. For these reasons, we recommend setting `sendTrustInHandshake` to `false`.
]]></format>
</remarks>
<exception cref="T:System.PlatformNotSupportedException">
<paramref name="sendTrustInHandshake" /> is <see langword="true" /> and the current platform does not support sending trusted issuers list in handshake, or (on Windows) the <paramref name="store" />'s location is not <see cref="T:System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine" />.
</exception>
</Docs>
</Member>
</Members>
</Type>