SslConnectionFactory

Overview

The SSL Connection Factory is a class assigned to server and client connections to pass all communication through a secured filter. SSL (or TLS) will try to validate the remote certificate against the local certificate store (on Windows, the one included with IIS; on Linux/MacOS it will use the Mono store). SSL validates the certificate, its expiration date and the target host name, stops replay and man-in-the-middle attacks, and encrypts all traffic to and from the host.


constructor

Creates a new instance of this class.

 

constructor

 

SslConnectionFactory()

 

Sub New()

Certificate

This certificate contains the public and private key to use for this TLS connection. When used for clients, it contains the key used for client authentication to the server, which is usually optional. For servers, this property is not required.

 

property Certificate: X509Certificate2 read write;

 

X509Certificate2 Certificate { get; set; }

 

Property Certificate() As X509Certificate2

CertificateFileName

Use this property instead of Certificate to load the certificate from a file (in PKCS#12 format).

 

property CertificateFileName: String read write;

 

String CertificateFileName { get; set; }

 

Property CertificateFileName() As String

CertificateStore

 

property CertificateStore: String read write;

 

String CertificateStore { get; set; }

 

Property CertificateStore() As String

CertificateSubject

 

property CertificateSubject: String read write;

 

String CertificateSubject { get; set; }

 

Property CertificateSubject() As String

CertificateThumbprint

 

property CertificateThumbprint: String read write;

 

String CertificateThumbprint { get; set; }

 

Property CertificateThumbprint() As String

CopyProperties

 

method CopyProperties(source: SslConnectionFactory)

 

void CopyProperties(SslConnectionFactory source)

 

Sub CopyProperties(source As SslConnectionFactory)

Parameters:

  • source:

CreateClientConnection (Binding): Connection

This method is used internally to create a new Connection for the given binding with the SSL layer enabled.

 

method CreateClientConnection(binding: Binding): Connection

 

Connection CreateClientConnection(Binding binding)

 

Function CreateClientConnection(binding As Binding) As Connection

Parameters:

  • binding:

CreateClientConnection (Connection): Connection

 

method CreateClientConnection(connection: Connection): Connection

 

Connection CreateClientConnection(Connection connection)

 

Function CreateClientConnection(connection As Connection) As Connection

Parameters:

  • connection:

CreateServerConnection

This method is used internally to create a new Connection for the given socket with the SSL layer enabled.

 

method CreateServerConnection(socket: Socket): Connection

 

Connection CreateServerConnection(Socket socket)

 

Function CreateServerConnection(socket As Socket) As Connection

Parameters:

  • socket:

Enabled

Enables or disables the TLS connection filter. Defaults to true.

 

property Enabled: Boolean read write;

 

Boolean Enabled { get; set; }

 

Property Enabled() As Boolean

IsCertificateLoadPending

 

property IsCertificateLoadPending: Boolean read;

 

Boolean IsCertificateLoadPending { get; }

 

ReadOnly Property IsCertificateLoadPending() As Boolean

LoadCertificate

 

method LoadCertificate

 

void LoadCertificate()

 

Sub LoadCertificate()

NeedPassword

The NeedPassword event is raised while the certificate is being loaded if the certificate is protected by a password.

 

event NeedPassword: EventHandler<SslNeedPasswordEventArgs>;

 

delegate EventHandler<SslNeedPasswordEventArgs> NeedPassword()

 

Event NeedPassword As EventHandler<SslNeedPasswordEventArgs>
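Loading a server key pair from a PKCS#12 file via CertificateFileName and supplying its password through NeedPassword, as an added example that is not part of this documentation. The namespace, the `e.Password` member of SslNeedPasswordEventArgs and the environment variable name are assumptions.

```csharp
using System;
using RemObjects.SDK;   // assumed namespace for SslConnectionFactory

static class ServerTlsSetup
{
    // Builds a server-side factory that loads its key pair from a PKCS#12 file.
    // The password is fetched on demand from an environment variable instead of
    // being hard-coded; the variable name is a placeholder.
    public static SslConnectionFactory CreateServerFactory(string pfxPath)
    {
        var factory = new SslConnectionFactory();
        factory.Enabled = true;
        factory.CertificateFileName = pfxPath;
        factory.RequestClientCertificate = false;   // set to true to ask clients for a certificate

        // "e.Password" is an assumed member name of SslNeedPasswordEventArgs.
        factory.NeedPassword += (sender, e) =>
        {
            var pwd = Environment.GetEnvironmentVariable("PFX_PASSWORD");
            if (string.IsNullOrEmpty(pwd))
                throw new InvalidOperationException("PFX_PASSWORD is not set; refusing to start without the key.");
            e.Password = pwd;
        };

        factory.LoadCertificate();   // raises NeedPassword if the file is password-protected
        return factory;
    }
}
```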

OnNeedPassword

 

method OnNeedPassword(e: SslNeedPasswordEventArgs)

 

void OnNeedPassword(SslNeedPasswordEventArgs e)

 

Sub OnNeedPassword(e As SslNeedPasswordEventArgs)

Parameters:

  • e:

OnValidateRemoteCertificate

 

method OnValidateRemoteCertificate(certificate: X509Certificate; chain: X509Chain; sslPolicyErrors: SslPolicyErrors; isServer: Boolean): Boolean

 

Boolean OnValidateRemoteCertificate(X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors, Boolean isServer)

 

Function OnValidateRemoteCertificate(certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors, isServer As Boolean) As Boolean

Parameters:

  • certificate:
  • chain:
  • sslPolicyErrors:
  • isServer:

RequestClientCertificate

 

property RequestClientCertificate: Boolean read write;

 

Boolean RequestClientCertificate { get; set; }

 

Property RequestClientCertificate() As Boolean

TargetHostName

Specifies the expected target host name when connecting to a server. If it does not match the server's certificate, the connection handshake fails.

 

property TargetHostName: String read write;

 

String TargetHostName { get; set; }

 

Property TargetHostName() As String

UseMono

Forces the use of the Mono.Security.dll library over the default .NET 2.0 SslStream. The Mono.Security.dll version works on both Mono and .NET and has better support for the different certificate types.

 

property UseMono: Boolean read write;

 

Boolean UseMono { get; set; }

 

Property UseMono() As Boolean

UseTls

 

property UseTls: Boolean read write;

 

Boolean UseTls { get; set; }

 

Property UseTls() As Boolean

ValidateRemoteCertificate

Assign this event to override the default certificate validation. When assigned and returning true, the remote certificate will be accepted. Returning false makes the connection setup fail. When this event is not set, the default certificate store is used to validate certificates.

 

event ValidateRemoteCertificate: EventHandler<SslValidateCertificateEventArgs>;

 

delegate EventHandler<SslValidateCertificateEventArgs> ValidateRemoteCertificate()

 

Event ValidateRemoteCertificate As EventHandler<SslValidateCertificateEventArgs>
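A client factory that sets TargetHostName and uses ValidateRemoteCertificate to tighten, rather than bypass, the default validation: it rejects any policy error and additionally pins the server certificate thumbprint. This is an added example, not code from this documentation; the namespace and the `Certificate`, `SslPolicyErrors` and `Valid` members of SslValidateCertificateEventArgs are assumptions, and the thumbprint is a placeholder.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using RemObjects.SDK;   // assumed namespace for SslConnectionFactory

static class PinnedClientTls
{
    // Placeholder: replace with the SHA-1 thumbprint of your server certificate.
    const string PinnedThumbprint = "<PINNED-THUMBPRINT-PLACEHOLDER>";

    // Decision logic kept separate from the event wiring so it can be unit-tested.
    // Accept only when the platform reported no policy errors (chain, expiry, host name)
    // AND the thumbprint matches the pin. Returning true unconditionally would disable TLS checks.
    public static bool IsAcceptable(X509Certificate certificate, SslPolicyErrors sslPolicyErrors, string pinnedThumbprint)
    {
        if (certificate == null || sslPolicyErrors != SslPolicyErrors.None)
            return false;
        var cert2 = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
        var expected = pinnedThumbprint.Replace(" ", "").Replace(":", "");
        return string.Equals(cert2.Thumbprint, expected, StringComparison.OrdinalIgnoreCase);
    }

    public static SslConnectionFactory CreateClientFactory(string hostName)
    {
        var factory = new SslConnectionFactory();
        factory.Enabled = true;
        factory.TargetHostName = hostName;   // compared against the server certificate during the handshake

        // Member names on the event args (Certificate, SslPolicyErrors, Valid) are assumptions.
        factory.ValidateRemoteCertificate += (sender, e) =>
        {
            e.Valid = IsAcceptable(e.Certificate, e.SslPolicyErrors, PinnedThumbprint);
        };
        return factory;
    }
}
```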

 
