215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 224_sslAuthenticationOptions.SslStream = this; 255EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 294EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 330EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 342_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 364EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 374_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 392EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 403_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 417EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 431EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 440_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 446_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 483public override bool IsServer => _sslAuthenticationOptions.IsServer; 543public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 651return _sslAuthenticationOptions.TargetHost;

25private object _handshakeLock => _sslAuthenticationOptions; 113NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 205_sslAuthenticationOptions.RemoteCertRequired = true; 244CompleteHandshake(_sslAuthenticationOptions); 386CompleteHandshake(_sslAuthenticationOptions); 439_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 444if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 457if (_sslAuthenticationOptions.ServerOptionDelegate != null) 474_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 477if (_sslAuthenticationOptions.ServerOptionDelegate != null) 480await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 481_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 482_sslAuthenticationOptions.UpdateOptions(userOptions); 505if (_sslAuthenticationOptions!.IsServer && _securityContext == null) 615if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 629if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus))

60return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 134return _sslAuthenticationOptions.RemoteCertRequired; 149_sslAuthenticationOptions.Dispose(); 296if (_sslAuthenticationOptions.CertificateContext != null) 306_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 308return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 310else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 320_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 321clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 336if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 348else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 352clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 361else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 380for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 392certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 447if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 455NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 457EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 489if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 556if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 572_sslAuthenticationOptions.EnabledSslProtocols, 573_sslAuthenticationOptions.IsServer, 574_sslAuthenticationOptions.EncryptionPolicy, 575_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 576_sslAuthenticationOptions.AllowTlsResume, 578_sslAuthenticationOptions.AllowRsaPssPadding, 579_sslAuthenticationOptions.AllowRsaPkcs1Padding); 618_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 631if (cert != null && _sslAuthenticationOptions.CertificateContext == null) 633_sslAuthenticationOptions.SetCertificateContextFromCert(cert); 653if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 655localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 659NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificate for '{_sslAuthenticationOptions.TargetHost}'."); 666else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 669tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 671localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 675NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 682else if (_sslAuthenticationOptions.CertificateContext != null) 684selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 701selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 709_sslAuthenticationOptions.SetCertificateContextFromCert(selectedCert); 712Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 716byte[] guessedThumbPrint = selectedCert.GetCertHash(HashAlgorithmName.SHA512); bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 718_sslAuthenticationOptions.EnabledSslProtocols, 719_sslAuthenticationOptions.IsServer, 720_sslAuthenticationOptions.EncryptionPolicy, 721_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 722_sslAuthenticationOptions.AllowTlsResume, 724_sslAuthenticationOptions.AllowRsaPssPadding, 725_sslAuthenticationOptions.AllowRsaPkcs1Padding); 733_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 839cachedCreds = _sslAuthenticationOptions.IsServer 844if (_sslAuthenticationOptions.IsServer) 846sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 853_sslAuthenticationOptions); 859_sslAuthenticationOptions, 869_sslAuthenticationOptions); 875string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 882_sslAuthenticationOptions); 898_sslAuthenticationOptions); 922_sslAuthenticationOptions.EnabledSslProtocols, 923_sslAuthenticationOptions.IsServer, 924_sslAuthenticationOptions.EncryptionPolicy, 925_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 926_sslAuthenticationOptions.AllowTlsResume, 928_sslAuthenticationOptions.AllowRsaPssPadding, 929_sslAuthenticationOptions.AllowRsaPkcs1Padding); 944_sslAuthenticationOptions); 1059if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse) 1088int preexistingExtraCertsCount = _sslAuthenticationOptions.CertificateChainPolicy?.ExtraStore?.Count ?? 0; 1094X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1108if (_sslAuthenticationOptions.CertValidationDelegate == null) 1141RemoteCertificateValidationCallback? remoteCertValidationCallback = _sslAuthenticationOptions.CertValidationDelegate; 1169if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1171chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1175chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1178if (_sslAuthenticationOptions.IsServer && !LocalAppContextSwitches.EnableServerAiaDownloads) 1201chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1208_sslAuthenticationOptions.CheckCertName, 1209_sslAuthenticationOptions.IsServer, 1210TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));