From 9a85efaf69203e2049d76233d01bbeb50d183f11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Sim=C3=B5es?= Date: Wed, 4 Oct 2023 19:21:40 +0100 Subject: [PATCH] Add SslVerification to HttpClient - Implement field allowing to set this on in SslStream. - Add code to propagate this throughout the call stack from HttpClient to HttpWebRequest. --- nanoFramework.System.Net.Http/Http/HttpClient.cs | 9 +++++++++ .../Http/HttpClientHandler.cs | 7 +++++++ .../Http/System.Net.HttpWebRequest.cs | 15 +++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/nanoFramework.System.Net.Http/Http/HttpClient.cs b/nanoFramework.System.Net.Http/Http/HttpClient.cs index c2e1979..247abfc 100644 --- a/nanoFramework.System.Net.Http/Http/HttpClient.cs +++ b/nanoFramework.System.Net.Http/Http/HttpClient.cs @@ -130,6 +130,14 @@ public TimeSpan Timeout /// public SslProtocols SslProtocols { get; set; } = SslProtocols.Tls12; + /// + /// Gets or sets the TLS/SSL verification mode used by the class. + /// + /// + /// Default value is . + /// + public SslVerification SslVerification { get; set; } = SslVerification.CertificateRequired; + #region Constructors /// @@ -408,6 +416,7 @@ private HttpResponseMessage SendWorker(HttpRequestMessage request, HttpCompletio clientHandler.SetWebRequestTimeout(_timeout); clientHandler.SetWebRequestSslProcol(SslProtocols); clientHandler.SetWebRequestHttpAuthCert(HttpsAuthentCert); + clientHandler.SetWebRequestSslVerification(SslVerification); } HttpResponseMessage response = base.Send(request); diff --git a/nanoFramework.System.Net.Http/Http/HttpClientHandler.cs b/nanoFramework.System.Net.Http/Http/HttpClientHandler.cs index 04929ff..e5124b0 100644 --- a/nanoFramework.System.Net.Http/Http/HttpClientHandler.cs +++ b/nanoFramework.System.Net.Http/Http/HttpClientHandler.cs 
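Review bot: The doc comment on the new public `SslVerification` property in HttpClient.cs names the default but does not say what the other modes do to server authentication, even though this setter controls certificate checking for every request the client sends. I would add a remarks line such as `/// Any mode weaker than CertificateRequired (for example NoVerification) reduces or disables validation of the server certificate, so the peer is no longer authenticated.` It would also help to state that the value is copied to the handler on each send, so changing it affects later requests only. The enum's members are not shown in this patch, so the mode names should be checked against its definition.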
@@ -26,6 +26,7 @@ public partial class HttpClientHandler : HttpMessageHandler private X509Certificate _caCert; private X509Certificate _clientCert; private ClientCertificateOption _clientCertificateOptions = ClientCertificateOption.Manual; + private SslVerification _sslVerification; /// /// Gets or sets a value that indicates if the certificate is automatically picked from the certificate store or if the caller is allowed to pass in a specific client certificate. @@ -306,6 +307,7 @@ private HttpWebRequest CreateWebRequest(HttpRequestMessage request) wr.SslProtocols = _sslProtocols; wr.HttpsAuthentCert = _caCert; + wr.SslVerification = _sslVerification; if (ClientCertificateOptions == ClientCertificateOption.Manual) { @@ -392,5 +394,10 @@ internal void SetWebRequestHttpAuthCert(X509Certificate certificate) { _caCert = certificate; } + + internal void SetWebRequestSslVerification(SslVerification sslVerification) + { + _sslVerification = sslVerification; + } } } diff --git a/nanoFramework.System.Net.Http/Http/System.Net.HttpWebRequest.cs b/nanoFramework.System.Net.Http/Http/System.Net.HttpWebRequest.cs index fd0f562..7e60518 100644 --- a/nanoFramework.System.Net.Http/Http/System.Net.HttpWebRequest.cs +++ b/nanoFramework.System.Net.Http/Http/System.Net.HttpWebRequest.cs @@ -270,6 +270,11 @@ protected override void Dispose(bool disposing) '\t', '\n'}; + /// + /// Exposes this property from . + /// + private SslVerification _sslVerification; + /// /// The maximum length, in kilobytes (1024 bytes), of the response /// headers. @@ -378,6 +383,14 @@ public X509Certificate HttpsAuthentCert set { m_caCert = value; } } + /// + /// Gets or sets + /// + public SslVerification SslVerification + { + get { return _sslVerification; } + set { _sslVerification = value; } + } /// /// Gets or sets the TLS/SSL protocol used by the class. 
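Review bot: `_sslVerification` in HttpClientHandler is declared without an initializer, so if CreateWebRequest runs before SetWebRequestSslVerification has been called it copies the enum's zero value into `wr.SslVerification`, not the `CertificateRequired` default that HttpClient advertises. The same applies to the new backing field in System.Net.HttpWebRequest.cs, which the EstablishConnection hunk assigns to the SslStream unconditionally. A request created without HttpClient would therefore overwrite whatever default SslStream had before this change. Initialising both fields keeps the secure default on every path: `private SslVerification _sslVerification = SslVerification.CertificateRequired;`. What the zero value means to the handshake is not visible in this patch and should be confirmed against the enum and SslStream.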
@@ -1497,6 +1510,8 @@ private InputNetworkStreamWrapper EstablishConnection(Uri proxyServer, Uri targe // Once connection established need to create secure stream and authenticate server. SslStream sslStream = new SslStream(retStream.m_Socket); + sslStream.SslVerification = _sslVerification; + // Throws exception if it fails sslStream.AuthenticateAsClient(m_originalUrl.Host, null, m_caCert, m_sslProtocols);