215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 251EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 290EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 326EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 338_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 360EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 370_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 388EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 399_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 413EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 427EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 436_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 442_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 479public override bool IsServer => _sslAuthenticationOptions.IsServer; 539public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 647return _sslAuthenticationOptions.TargetHost;

25private object _handshakeLock => _sslAuthenticationOptions; 131NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 223_sslAuthenticationOptions.RemoteCertRequired = true; 262CompleteHandshake(_sslAuthenticationOptions); 404CompleteHandshake(_sslAuthenticationOptions); 457_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 463if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 481_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 484if (_sslAuthenticationOptions.ServerOptionDelegate != null) 487await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 488_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 489_sslAuthenticationOptions.UpdateOptions(userOptions); 604if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertValidationDelegate, _sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 830if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse)

59return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 133return _sslAuthenticationOptions.RemoteCertRequired; 148_sslAuthenticationOptions.Dispose(); 295if (_sslAuthenticationOptions.CertificateContext != null) 305_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 307return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 309else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 319_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 320clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 335if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 347else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 351clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 360else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 379for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 391certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 446if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 454NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 456EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 488if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 555if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 571_sslAuthenticationOptions.EnabledSslProtocols, 572_sslAuthenticationOptions.IsServer, 573_sslAuthenticationOptions.EncryptionPolicy, 574_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 575_sslAuthenticationOptions.AllowTlsResume, 577_sslAuthenticationOptions.AllowRsaPssPadding, 578_sslAuthenticationOptions.AllowRsaPkcs1Padding); 617_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 630if (cert != null && _sslAuthenticationOptions.CertificateContext == null) 632_sslAuthenticationOptions.SetCertificateContextFromCert(cert); 652if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 654localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 658NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificate for '{_sslAuthenticationOptions.TargetHost}'."); 665else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 668tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 670localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 674NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 681else if (_sslAuthenticationOptions.CertificateContext != null) 683selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 700selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 708_sslAuthenticationOptions.SetCertificateContextFromCert(selectedCert); 711Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 715byte[] guessedThumbPrint = selectedCert.GetCertHash(HashAlgorithmName.SHA512); bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 717_sslAuthenticationOptions.EnabledSslProtocols, 718_sslAuthenticationOptions.IsServer, 719_sslAuthenticationOptions.EncryptionPolicy, 720_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 721_sslAuthenticationOptions.AllowTlsResume, 723_sslAuthenticationOptions.AllowRsaPssPadding, 724_sslAuthenticationOptions.AllowRsaPkcs1Padding); 732_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 838cachedCreds = _sslAuthenticationOptions.IsServer 843if (_sslAuthenticationOptions.IsServer) 845sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 852_sslAuthenticationOptions); 858_sslAuthenticationOptions, 868_sslAuthenticationOptions); 874string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 881_sslAuthenticationOptions); 897_sslAuthenticationOptions); 921_sslAuthenticationOptions.EnabledSslProtocols, 922_sslAuthenticationOptions.IsServer, 923_sslAuthenticationOptions.EncryptionPolicy, 924_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 925_sslAuthenticationOptions.AllowTlsResume, 927_sslAuthenticationOptions.AllowRsaPssPadding, 928_sslAuthenticationOptions.AllowRsaPkcs1Padding); 943_sslAuthenticationOptions); 1024int preexistingExtraCertsCount = _sslAuthenticationOptions.CertificateChainPolicy?.ExtraStore?.Count ?? 0; 1028X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1050if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1052chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1056chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1059if (_sslAuthenticationOptions.IsServer && !LocalAppContextSwitches.EnableServerAiaDownloads) 1082chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1089_sslAuthenticationOptions.CheckCertName, 1090_sslAuthenticationOptions.IsServer, 1091TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));