215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 251EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 290EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 326EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 338_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 360EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 370_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 388EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 399_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 413EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 427EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 436_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 442_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 479public override bool IsServer => _sslAuthenticationOptions.IsServer; 539public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 647return _sslAuthenticationOptions.TargetHost;

24private object _handshakeLock => _sslAuthenticationOptions; 130NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 222_sslAuthenticationOptions.RemoteCertRequired = true; 261CompleteHandshake(_sslAuthenticationOptions); 379CompleteHandshake(_sslAuthenticationOptions); 432_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 438if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 456_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 459if (_sslAuthenticationOptions.ServerOptionDelegate != null) 462await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 463_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 464_sslAuthenticationOptions.UpdateOptions(userOptions); 579if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertValidationDelegate, _sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 805if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse)

84return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 158return _sslAuthenticationOptions.RemoteCertRequired; 323if (_sslAuthenticationOptions.CertificateContext != null) 333_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 335return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 337else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 347_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 348clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 363if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 375else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 379clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 388else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 407for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 419certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 474if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 482NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 484EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 516if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 584_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 587if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 603_sslAuthenticationOptions.EnabledSslProtocols, 604_sslAuthenticationOptions.IsServer, 605_sslAuthenticationOptions.EncryptionPolicy, 606_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 607_sslAuthenticationOptions.AllowTlsResume, 643_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 650_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 653_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 661_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 683if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 685localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 689NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 696else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 699tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 701localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 705NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 712else if (_sslAuthenticationOptions.CertificateContext != null) 714selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 731selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 739_sslAuthenticationOptions.CertificateContext = SslStreamCertificateContext.Create(selectedCert); 742Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 747bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 749_sslAuthenticationOptions.EnabledSslProtocols, 750_sslAuthenticationOptions.IsServer, 751_sslAuthenticationOptions.EncryptionPolicy, 752_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 753_sslAuthenticationOptions.AllowTlsResume, 762_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 868cachedCreds = _sslAuthenticationOptions.IsServer 873if (_sslAuthenticationOptions.IsServer) 875sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 882_sslAuthenticationOptions); 888_sslAuthenticationOptions, 898_sslAuthenticationOptions); 904string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 911_sslAuthenticationOptions); 927_sslAuthenticationOptions); 951_sslAuthenticationOptions.EnabledSslProtocols, 952_sslAuthenticationOptions.IsServer, 953_sslAuthenticationOptions.EncryptionPolicy, 954_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 955_sslAuthenticationOptions.AllowTlsResume, 971_sslAuthenticationOptions); 1049X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1070if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1072chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1076chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1097chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1104_sslAuthenticationOptions.CheckCertName, 1105_sslAuthenticationOptions.IsServer, 1106TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));