diff --git a/source/nanoFramework.System.Net/Security/NetworkSecurity.cs b/source/nanoFramework.System.Net/Security/NetworkSecurity.cs
index 046516f..eceed97 100644
--- a/source/nanoFramework.System.Net/Security/NetworkSecurity.cs
+++ b/source/nanoFramework.System.Net/Security/NetworkSecurity.cs
@@ -70,10 +70,10 @@ public enum SslVerification
internal static class SslNative
{
[MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern int SecureServerInit(int sslProtocols, int sslCertVerify, X509Certificate certificate, X509Certificate[] ca);
+ internal static extern int SecureServerInit(int sslProtocols, int sslCertVerify, X509Certificate certificate, X509Certificate ca);
[MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern int SecureClientInit(int sslProtocols, int sslCertVerify, X509Certificate certificate, X509Certificate[] ca);
+ internal static extern int SecureClientInit(int sslProtocols, int sslCertVerify, X509Certificate certificate, X509Certificate ca);
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern void UpdateCertificates(int contextHandle, X509Certificate certificate, X509Certificate[] ca);
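Review bot: `UpdateCertificates` on the last line of this hunk still takes `X509Certificate[] ca` while `SecureServerInit` and `SecureClientInit` just above now take a single `X509Certificate ca`, so the managed side hands the native layer two different shapes for the same CA argument; the same mismatch remains in SslStream.cs, where `UpdateCertificates(X509Certificate cert, X509Certificate[] ca)` is kept but `Authenticate` now takes a single `ca`. Either the array form is intentional for the update path (in which case a one-line comment on it saying so would stop the next reader "fixing" it) or it should become `internal static extern void UpdateCertificates(int contextHandle, X509Certificate certificate, X509Certificate ca);` with the SslStream wrapper changed to match. These are `InternalCall` signatures, so the native implementation must change in step with this commit; whether it has cannot be verified from this diff.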
diff --git a/source/nanoFramework.System.Net/Security/SslStream.cs b/source/nanoFramework.System.Net/Security/SslStream.cs
index c5bce27..8d0e39b 100644
--- a/source/nanoFramework.System.Net/Security/SslStream.cs
+++ b/source/nanoFramework.System.Net/Security/SslStream.cs
@@ -17,10 +17,18 @@ namespace System.Net.Security
///
public class SslStream : NetworkStream
{
+ private SslVerification _sslVerification;
+
// Internal flags
private int _sslContext;
private bool _isServer;
+ ///
+ /// Option for SSL verification.
+ /// The default behaviour is .
+ ///
+ public SslVerification SslVerification { get => _sslVerification; set => _sslVerification = value; }
+
//--//
///
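Review bot: The summary on the new `SslVerification` property ends with "The default behaviour is ." — the default value was lost (presumably a cref that did not survive), and nothing tells a caller that the value is only consulted when the stream is authenticated, so assigning it afterwards does not change an already-established context. Suggest `/// The default is <see cref="SslVerification.CertificateRequired"/>. The value is read when the stream is authenticated; changing it afterwards has no effect on the existing session.` The setter is public, which lets any code holding the stream lower the mode to `NoVerification` before authentication; if that is not intended, an internal setter would keep the decision with the overloads in this class.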
@@ -41,6 +49,8 @@ public SslStream(Socket socket)
_sslContext = -1;
_isServer = false;
+
+ _sslVerification = SslVerification.CertificateRequired;
}
///
@@ -51,7 +61,7 @@ public SslStream(Socket socket)
/// The protocols that may be supported.
public void AuthenticateAsClient(string targetHost, params SslProtocols[] sslProtocols)
{
- AuthenticateAsClient(targetHost, null, null, SslVerification.NoVerification, sslProtocols);
+ Authenticate(false, targetHost, null, null, sslProtocols);
}
///
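Review bot: This overload used to pass `SslVerification.NoVerification` explicitly and now relies on `_sslVerification`, which the constructor sets to `CertificateRequired`, while still passing `null` for `ca`; callers that depended on the old no-verification behaviour now get peer verification with no authority supplied, and whether the native layer then uses a built-in trust store or fails the handshake cannot be seen here. The change is the right direction for a default, but the overload's documentation should say so, e.g. `/// Verification of the server certificate follows <see cref="SslVerification"/>; to supply a trusted authority use the overload that takes a CA <see cref="X509Certificate"/>.` The summary for this overload sits above the start of the hunk.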
@@ -59,12 +69,11 @@ public void AuthenticateAsClient(string targetHost, params SslProtocols[] sslPro
/// The authentication process uses the specified certificate collections and SSL protocols.
///
/// The name of the server that will share this SslStream.
- /// The client certificate.
- /// The type of verification required for authentication.
+ /// The client certificate.
/// The protocols that may be supported.
- public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
+ public void AuthenticateAsClient(string targetHost, X509Certificate clientCertificate, params SslProtocols[] sslProtocols)
{
- AuthenticateAsClient(targetHost, cert, null, verify, sslProtocols);
+ Authenticate(false, targetHost, clientCertificate, null, sslProtocols);
}
///
@@ -72,38 +81,36 @@ public void AuthenticateAsClient(string targetHost, X509Certificate cert, SslVer
/// The authentication process uses the specified certificate collections and SSL protocols.
///
/// The name of the server that will share this SslStream.
- /// The client certificate.
- /// The collection of certificates for client authorities to use for authentication.
- /// The type of verification required for authentication.
+ /// The client certificate.
+ /// Certificate Authority certificate to use for authentication with the server.
/// The protocols that may be supported.
- public void AuthenticateAsClient(string targetHost, X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
+ public void AuthenticateAsClient(string targetHost, X509Certificate clientCertificate, X509Certificate ca, params SslProtocols[] sslProtocols)
{
- Authenticate(false, targetHost, cert, ca, verify, sslProtocols);
+ Authenticate(false, targetHost, clientCertificate, ca, sslProtocols);
}
///
- /// Called by servers to authenticate the server and optionally the client in a client-server connection.
- /// This member is overloaded.For complete information about this member, including syntax, usage, and examples, click a name in the overload list.
+ /// Called by servers to authenticate the server and optionally the client in a client-server connection using the specified certificate,
+ /// verification requirements and security protocol.
///
- /// The certificate used to authenticate the server.
- /// An enumeration value that specifies the degree of verification required, such as whether the client must supply a certificate for authentication.
+ /// The certificate used to authenticate the server.
/// The protocols that may be used for authentication.
- public void AuthenticateAsServer(X509Certificate cert, SslVerification verify, params SslProtocols[] sslProtocols)
+ public void AuthenticateAsServer(X509Certificate serverCertificate, params SslProtocols[] sslProtocols)
{
- AuthenticateAsServer(cert, null, verify, sslProtocols);
+ Authenticate(true, "", null, serverCertificate, sslProtocols);
}
///
- /// Called by servers to authenticate the server and optionally the client in a client-server connection using the specified certificate,
- /// verification requirements and security protocol.
+ /// Called by servers to authenticate the server and optionally the client in a client-server connection using the specified certificates, requirements and security protocol.
///
- /// The certificate used to authenticate the server.
- /// The certifcates for certificate authorities to use for authentication.
- /// An enumeration value that specifies the degree of verification required, such as whether the client must supply a certificate for authentication.
+ /// The X509Certificate used to authenticate the server.
+ /// A value that specifies whether the client is asked for a certificate for authentication. Note that this is only a request, if no certificate is provided, the server still accepts the connection request.
/// The protocols that may be used for authentication.
- public void AuthenticateAsServer(X509Certificate cert, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
+ public void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, params SslProtocols[] sslProtocols)
{
- Authenticate(true, "", cert, ca, verify, sslProtocols);
+ SslVerification = SslVerification.VerifyClientOnce;
+
+ Authenticate(true, "", null, serverCertificate, sslProtocols);
}
///
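Review bot: In `AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, ...)` the `clientCertificateRequired` argument is never read — the body unconditionally sets `SslVerification = SslVerification.VerifyClientOnce`, so passing `false` still asks the client for a certificate and the documented meaning of the parameter is not honoured. Suggest `SslVerification = clientCertificateRequired ? SslVerification.VerifyClientOnce : SslVerification.NoVerification;` (assuming `NoVerification` is the mode in which the client is not asked for a certificate; worth confirming against the enum definition). Both server overloads also call `Authenticate(true, "", null, serverCertificate, sslProtocols)`, placing the server's own certificate in the `ca` slot and `null` in `certificate`, the opposite of the client overloads; unless `SecureServerInit` deliberately takes the server certificate in its last argument, this should be `Authenticate(true, "", serverCertificate, null, sslProtocols)`. The two-argument overload leaves `SslVerification` at whatever the stream currently holds (the constructor default is `CertificateRequired`), and its summary should state what that implies for the connecting client.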
@@ -118,7 +125,7 @@ public void UpdateCertificates(X509Certificate cert, X509Certificate[] ca)
SslNative.UpdateCertificates(_sslContext, cert, ca);
}
- internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate[] ca, SslVerification verify, params SslProtocols[] sslProtocols)
+ internal void Authenticate(bool isServer, string targetHost, X509Certificate certificate, X509Certificate ca, params SslProtocols[] sslProtocols)
{
SslProtocols vers = (SslProtocols)0;
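Review bot: After this change `Authenticate` has neither a parameter nor a comment saying where the verification mode comes from, so a reader of the new signature cannot tell that `_sslVerification` is consulted inside it. Suggest a summary above the method: `/// Initialises the native SSL context for this stream as server or client. The verification mode is taken from <see cref="SslVerification"/> at the time of the call; the certificate arguments are passed through to the native init function.` The method body continues past the end of this hunk.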
@@ -135,12 +142,12 @@ internal void Authenticate(bool isServer, string targetHost, X509Certificate cer
{
if (isServer)
{
- _sslContext = SslNative.SecureServerInit((int)vers, (int)verify, certificate, ca);
+ _sslContext = SslNative.SecureServerInit((int)vers, (int)_sslVerification, certificate, ca);
SslNative.SecureAccept(_sslContext, _socket);
}
else
{
- _sslContext = SslNative.SecureClientInit((int)vers, (int)verify, certificate, ca);
+ _sslContext = SslNative.SecureClientInit((int)vers, (int)_sslVerification, certificate, ca);
SslNative.SecureConnect(_sslContext, targetHost, _socket);
}
}