215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 251EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 290EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 326EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 338_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 360EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 370_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 388EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 399_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 413EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 427EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 436_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 442_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 479public override bool IsServer => _sslAuthenticationOptions.IsServer; 539public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 647return _sslAuthenticationOptions.TargetHost;

25private object _handshakeLock => _sslAuthenticationOptions; 131NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 223_sslAuthenticationOptions.RemoteCertRequired = true; 262CompleteHandshake(_sslAuthenticationOptions); 404CompleteHandshake(_sslAuthenticationOptions); 457_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 463if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 481_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 484if (_sslAuthenticationOptions.ServerOptionDelegate != null) 487await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 488_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 489_sslAuthenticationOptions.UpdateOptions(userOptions); 604if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertValidationDelegate, _sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 830if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse)

90return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 164return _sslAuthenticationOptions.RemoteCertRequired; 179_sslAuthenticationOptions.Dispose(); 326if (_sslAuthenticationOptions.CertificateContext != null) 336_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 338return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 340else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 350_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 351clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 366if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 378else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 382clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 391else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 410for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 422certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 477if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 485NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 487EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 519if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 586if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 602_sslAuthenticationOptions.EnabledSslProtocols, 603_sslAuthenticationOptions.IsServer, 604_sslAuthenticationOptions.EncryptionPolicy, 605_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 606_sslAuthenticationOptions.AllowTlsResume, 608_sslAuthenticationOptions.AllowRsaPssPadding, 609_sslAuthenticationOptions.AllowRsaPkcs1Padding); 648_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 661if (cert != null && _sslAuthenticationOptions.CertificateContext == null) 663_sslAuthenticationOptions.SetCertificateContextFromCert(cert); 683if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 685localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 689NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificate for '{_sslAuthenticationOptions.TargetHost}'."); 696else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 699tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 701localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 705NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 712else if (_sslAuthenticationOptions.CertificateContext != null) 714selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 731selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 739_sslAuthenticationOptions.SetCertificateContextFromCert(selectedCert); 742Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 746byte[] guessedThumbPrint = selectedCert.GetCertHash(HashAlgorithmName.SHA512); bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 748_sslAuthenticationOptions.EnabledSslProtocols, 749_sslAuthenticationOptions.IsServer, 750_sslAuthenticationOptions.EncryptionPolicy, 751_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 752_sslAuthenticationOptions.AllowTlsResume, 754_sslAuthenticationOptions.AllowRsaPssPadding, 755_sslAuthenticationOptions.AllowRsaPkcs1Padding); 763_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 869cachedCreds = _sslAuthenticationOptions.IsServer 874if (_sslAuthenticationOptions.IsServer) 876sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 883_sslAuthenticationOptions); 889_sslAuthenticationOptions, 899_sslAuthenticationOptions); 905string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 912_sslAuthenticationOptions); 928_sslAuthenticationOptions); 952_sslAuthenticationOptions.EnabledSslProtocols, 953_sslAuthenticationOptions.IsServer, 954_sslAuthenticationOptions.EncryptionPolicy, 955_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 956_sslAuthenticationOptions.AllowTlsResume, 958_sslAuthenticationOptions.AllowRsaPssPadding, 959_sslAuthenticationOptions.AllowRsaPkcs1Padding); 974_sslAuthenticationOptions); 1055int preexistingExtraCertsCount = _sslAuthenticationOptions.CertificateChainPolicy?.ExtraStore?.Count ?? 0; 1059X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1081if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1083chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1087chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1108chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1115_sslAuthenticationOptions.CheckCertName, 1116_sslAuthenticationOptions.IsServer, 1117TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));