diff --git a/websocket-sharp/Ext.cs b/websocket-sharp/Ext.cs
index 930f7e1a..abeabcc5 100644
--- a/websocket-sharp/Ext.cs
+++ b/websocket-sharp/Ext.cs
@@ -561,11 +561,10 @@ namespace WebSocketSharp
this TcpClient tcpClient,
string protocol,
bool secure,
- ServerSslAuthConfiguration sslConfiguration,
+ ServerSslAuthConfiguration sslConfig,
Logger logger)
{
- return new TcpListenerWebSocketContext (
- tcpClient, protocol, secure, sslConfiguration, logger);
+ return new TcpListenerWebSocketContext (tcpClient, protocol, secure, sslConfig, logger);
}
internal static byte[] InternalToByteArray (this ushort value, ByteOrder order)
diff --git a/websocket-sharp/Net/HttpConnection.cs b/websocket-sharp/Net/HttpConnection.cs
index 38f95207..4a2ae384 100644
--- a/websocket-sharp/Net/HttpConnection.cs
+++ b/websocket-sharp/Net/HttpConnection.cs
@@ -93,13 +93,13 @@ namespace WebSocketSharp.Net
var netStream = new NetworkStream (socket, false);
if (_secure) {
- var sslStream = new SslStream (netStream, false);
- var sslConfig = listener.SslConfiguration;
+ var conf = listener.SslConfiguration;
+ var sslStream = new SslStream (netStream, false, conf.ClientCertificateValidationCallback);
sslStream.AuthenticateAsServer (
- sslConfig.ServerCertificate,
- sslConfig.ClientCertificateRequired,
- sslConfig.EnabledSslProtocols,
- sslConfig.CheckCertificateRevocation);
+ conf.ServerCertificate,
+ conf.ClientCertificateRequired,
+ conf.EnabledSslProtocols,
+ conf.CheckCertificateRevocation);
_stream = sslStream;
}
diff --git a/websocket-sharp/Net/HttpListener.cs b/websocket-sharp/Net/HttpListener.cs
index c3659b8e..4a2aa6de 100644
--- a/websocket-sharp/Net/HttpListener.cs
+++ b/websocket-sharp/Net/HttpListener.cs
@@ -307,12 +307,12 @@ namespace WebSocketSharp.Net
}
///
- /// Gets or sets the SSL configuration used to authenticate the server and optionally the client
- /// for secure connection.
+ /// Gets or sets the SSL configuration used to authenticate the server and
+ /// optionally the client for secure connection.
///
///
- /// A that represents the configuration used to
- /// authenticate the server and optionally the client for secure connection.
+ /// A that represents the configuration
+ /// used to authenticate the server and optionally the client for secure connection.
///
///
/// This listener has been closed.
diff --git a/websocket-sharp/Net/ServerSslAuthConfiguration.cs b/websocket-sharp/Net/ServerSslAuthConfiguration.cs
index 02cfd6d4..2e655090 100644
--- a/websocket-sharp/Net/ServerSslAuthConfiguration.cs
+++ b/websocket-sharp/Net/ServerSslAuthConfiguration.cs
@@ -34,17 +34,27 @@
*/
#endregion
+using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace WebSocketSharp.Net
{
///
- /// Stores the parameters used in configuring
- /// as a server.
+ /// Stores the parameters used to configure a instance as a server.
///
public class ServerSslAuthConfiguration
{
+ #region Private Fields
+
+ private X509Certificate2 _cert;
+ private bool _checkCertRevocation;
+ private bool _clientCertRequired;
+ private RemoteCertificateValidationCallback _clientCertValidationCallback;
+ private SslProtocols _enabledProtocols;
+
+ #endregion
+
#region Public Constructors
///
@@ -60,50 +70,6 @@ namespace WebSocketSharp.Net
{
}
- ///
- /// Initializes a new instance of the class with
- /// the specified and
- /// .
- ///
- ///
- /// A that represents the certificate used to authenticate
- /// the server.
- ///
- ///
- /// true if the client must supply a certificate for authentication;
- /// otherwise, false.
- ///
- public ServerSslAuthConfiguration (
- X509Certificate2 serverCertificate, bool clientCertificateRequired)
- : this (serverCertificate, clientCertificateRequired, SslProtocols.Default, false)
- {
- }
-
- ///
- /// Initializes a new instance of the class with
- /// the specified ,
- /// , and .
- ///
- ///
- /// A that represents the certificate used to authenticate
- /// the server.
- ///
- ///
- /// true if the client must supply a certificate for authentication;
- /// otherwise, false.
- ///
- ///
- /// The enum value that represents the protocols used for
- /// authentication.
- ///
- public ServerSslAuthConfiguration (
- X509Certificate2 serverCertificate,
- bool clientCertificateRequired,
- SslProtocols enabledSslProtocols)
- : this (serverCertificate, clientCertificateRequired, enabledSslProtocols, false)
- {
- }
-
///
/// Initializes a new instance of the class with
/// the specified ,
@@ -132,10 +98,10 @@ namespace WebSocketSharp.Net
SslProtocols enabledSslProtocols,
bool checkCertificateRevocation)
{
- ServerCertificate = serverCertificate;
- ClientCertificateRequired = clientCertificateRequired;
- EnabledSslProtocols = enabledSslProtocols;
- CheckCertificateRevocation = checkCertificateRevocation;
+ _cert = serverCertificate;
+ _clientCertRequired = clientCertificateRequired;
+ _enabledProtocols = enabledSslProtocols;
+ _checkCertRevocation = checkCertificateRevocation;
}
#endregion
@@ -149,7 +115,15 @@ namespace WebSocketSharp.Net
///
/// true if the certificate revocation list is checked; otherwise, false.
///
- public bool CheckCertificateRevocation { get; set; }
+ public bool CheckCertificateRevocation {
+ get {
+ return _checkCertRevocation;
+ }
+
+ set {
+ _checkCertRevocation = value;
+ }
+ }
///
/// Gets or sets a value indicating whether the client must supply a certificate for
@@ -158,7 +132,38 @@ namespace WebSocketSharp.Net
///
/// true if the client must supply a certificate; otherwise, false.
///
- public bool ClientCertificateRequired { get; set; }
+ public bool ClientCertificateRequired {
+ get {
+ return _clientCertRequired;
+ }
+
+ set {
+ _clientCertRequired = value;
+ }
+ }
+
+ ///
+ /// Gets or sets the callback used to validate the certificate supplied by the client.
+ ///
+ ///
+ /// If this callback returns true, the client certificate will be valid.
+ ///
+ ///
+ /// A delegate that references the method
+ /// used to validate the client certificate. The default value is a function that only returns
+ /// true.
+ ///
+ public RemoteCertificateValidationCallback ClientCertificateValidationCallback {
+ get {
+ return _clientCertValidationCallback ??
+ (_clientCertValidationCallback =
+ (sender, certificate, chain, sslPolicyErrors) => true);
+ }
+
+ set {
+ _clientCertValidationCallback = value;
+ }
+ }
///
/// Gets or sets the SSL protocols used for authentication.
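Review bot: The default value of `ClientCertificateValidationCallback` is `(sender, certificate, chain, sslPolicyErrors) => true`, which ignores `sslPolicyErrors`. Every client certificate is therefore accepted, whatever the chain, expiry or revocation result, unless the application installs its own callback. Both new call sites (the `SslStream` constructors in HttpConnection.cs and TcpListenerWebSocketContext.cs) always pass this value, so the built-in validation `SslStream` applies when no callback is given is no longer used; `ClientCertificateRequired` and `CheckCertificateRevocation` presumably stop affecting acceptance by default. Assigning null in the setter does not restore the built-in checks either, because the next read replaces it with the accept-all lambda. I would let the getter return the field unchanged, `return _clientCertValidationCallback;`, since `SslStream` accepts a null callback and then applies its own checks, and say in the doc comment that a callback returning true unconditionally turns off client certificate verification.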
@@ -167,7 +172,15 @@ namespace WebSocketSharp.Net
/// The enum value that represents the protocols used for
/// authentication.
///
- public SslProtocols EnabledSslProtocols { get; set; }
+ public SslProtocols EnabledSslProtocols {
+ get {
+ return _enabledProtocols;
+ }
+
+ set {
+ _enabledProtocols = value;
+ }
+ }
///
/// Gets or sets the certificate used to authenticate the server on the secure connection.
@@ -176,7 +189,15 @@ namespace WebSocketSharp.Net
/// A that represents the certificate used to authenticate
/// the server.
///
- public X509Certificate2 ServerCertificate { get; set; }
+ public X509Certificate2 ServerCertificate {
+ get {
+ return _cert;
+ }
+
+ set {
+ _cert = value;
+ }
+ }
#endregion
}
diff --git a/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs b/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs
index 2a504451..b6192aa2 100644
--- a/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs
+++ b/websocket-sharp/Net/WebSockets/TcpListenerWebSocketContext.cs
@@ -71,7 +71,7 @@ namespace WebSocketSharp.Net.WebSockets
TcpClient tcpClient,
string protocol,
bool secure,
- ServerSslAuthConfiguration sslConfiguration,
+ ServerSslAuthConfiguration sslConfig,
Logger logger)
{
_tcpClient = tcpClient;
@@ -79,12 +79,14 @@ namespace WebSocketSharp.Net.WebSockets
var netStream = tcpClient.GetStream ();
if (secure) {
- var sslStream = new SslStream (netStream, false);
+ var sslStream = new SslStream (
+ netStream, false, sslConfig.ClientCertificateValidationCallback);
+
sslStream.AuthenticateAsServer (
- sslConfiguration.ServerCertificate,
- sslConfiguration.ClientCertificateRequired,
- sslConfiguration.EnabledSslProtocols,
- sslConfiguration.CheckCertificateRevocation);
+ sslConfig.ServerCertificate,
+ sslConfig.ClientCertificateRequired,
+ sslConfig.EnabledSslProtocols,
+ sslConfig.CheckCertificateRevocation);
_stream = sslStream;
}
diff --git a/websocket-sharp/Server/HttpServer.cs b/websocket-sharp/Server/HttpServer.cs
index 0d2e24e5..bcef5850 100644
--- a/websocket-sharp/Server/HttpServer.cs
+++ b/websocket-sharp/Server/HttpServer.cs
@@ -335,12 +335,12 @@ namespace WebSocketSharp.Server
}
///
- /// Gets or sets the SSL configuration used to authenticate the server and optionally the client
- /// for secure connection.
+ /// Gets or sets the SSL configuration used to authenticate the server and
+ /// optionally the client for secure connection.
///
///
- /// A that represents the configuration used to
- /// authenticate the server and optionally the client for secure connection.
+ /// A that represents the configuration
+ /// used to authenticate the server and optionally the client for secure connection.
///
public ServerSslAuthConfiguration SslConfiguration {
get {
diff --git a/websocket-sharp/Server/WebSocketServer.cs b/websocket-sharp/Server/WebSocketServer.cs
index 5e1c7c31..d436d91f 100644
--- a/websocket-sharp/Server/WebSocketServer.cs
+++ b/websocket-sharp/Server/WebSocketServer.cs
@@ -441,12 +441,12 @@ namespace WebSocketSharp.Server
}
///
- /// Gets or sets the SSL configuration used to authenticate the server and optionally the client
- /// for secure connection.
+ /// Gets or sets the SSL configuration used to authenticate the server and
+ /// optionally the client for secure connection.
///
///
- /// A that represents the configuration used to
- /// authenticate the server and optionally the client for secure connection.
+ /// A that represents the configuration
+ /// used to authenticate the server and optionally the client for secure connection.
///
public ServerSslAuthConfiguration SslConfiguration {
get {