215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 251EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 290EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 326EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 338_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 360EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 370_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 388EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 399_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 413EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 427EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 436_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 442_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 479public override bool IsServer => _sslAuthenticationOptions.IsServer; 539public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 647return _sslAuthenticationOptions.TargetHost;

24private object _handshakeLock => _sslAuthenticationOptions; 130NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 222_sslAuthenticationOptions.RemoteCertRequired = true; 261CompleteHandshake(_sslAuthenticationOptions); 379CompleteHandshake(_sslAuthenticationOptions); 432_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 438if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 456_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 459if (_sslAuthenticationOptions.ServerOptionDelegate != null) 462await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 463_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 464_sslAuthenticationOptions.UpdateOptions(userOptions); 579if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertValidationDelegate, _sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 805if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse)

84return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 158return _sslAuthenticationOptions.RemoteCertRequired; 322if (_sslAuthenticationOptions.CertificateContext != null) 332_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 334return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 336else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 346_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 347clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 362if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 374else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 378clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 387else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 406for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 418certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 473if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 481NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 483EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 515if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 583_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 586if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 602_sslAuthenticationOptions.EnabledSslProtocols, 603_sslAuthenticationOptions.IsServer, 604_sslAuthenticationOptions.EncryptionPolicy, 605_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 606_sslAuthenticationOptions.AllowTlsResume, 608_sslAuthenticationOptions.AllowRsaPssPadding, 609_sslAuthenticationOptions.AllowRsaPkcs1Padding); 644_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 651_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 654_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 662_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 684if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 686localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 690NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificate for '{_sslAuthenticationOptions.TargetHost}'."); 697else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 700tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 702localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 706NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 713else if (_sslAuthenticationOptions.CertificateContext != null) 715selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 732selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 740_sslAuthenticationOptions.CertificateContext = SslStreamCertificateContext.Create(selectedCert); 743Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 747byte[] guessedThumbPrint = selectedCert.GetCertHash(HashAlgorithmName.SHA512); bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 749_sslAuthenticationOptions.EnabledSslProtocols, 750_sslAuthenticationOptions.IsServer, 751_sslAuthenticationOptions.EncryptionPolicy, 752_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 753_sslAuthenticationOptions.AllowTlsResume, 755_sslAuthenticationOptions.AllowRsaPssPadding, 756_sslAuthenticationOptions.AllowRsaPkcs1Padding); 764_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 870cachedCreds = _sslAuthenticationOptions.IsServer 875if (_sslAuthenticationOptions.IsServer) 877sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 884_sslAuthenticationOptions); 890_sslAuthenticationOptions, 900_sslAuthenticationOptions); 906string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 913_sslAuthenticationOptions); 929_sslAuthenticationOptions); 953_sslAuthenticationOptions.EnabledSslProtocols, 954_sslAuthenticationOptions.IsServer, 955_sslAuthenticationOptions.EncryptionPolicy, 956_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 957_sslAuthenticationOptions.AllowTlsResume, 959_sslAuthenticationOptions.AllowRsaPssPadding, 960_sslAuthenticationOptions.AllowRsaPkcs1Padding); 975_sslAuthenticationOptions); 1053X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1075if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1077chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1081chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1102chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1109_sslAuthenticationOptions.CheckCertName, 1110_sslAuthenticationOptions.IsServer, 1111TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));