215_sslAuthenticationOptions.EncryptionPolicy = encryptionPolicy; 216_sslAuthenticationOptions.CertValidationDelegate = userCertificateValidationCallback; 217_sslAuthenticationOptions.CertSelectionDelegate = userCertificateSelectionCallback; 251EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 290EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 326EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 338_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 360EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 370_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 388EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 399_sslAuthenticationOptions.UpdateOptions(sslClientAuthenticationOptions); 413EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 427EncryptionPolicy = _sslAuthenticationOptions.EncryptionPolicy, 436_sslAuthenticationOptions.UpdateOptions(sslServerAuthenticationOptions); 442_sslAuthenticationOptions.UpdateOptions(optionsCallback, state); 479public override bool IsServer => _sslAuthenticationOptions.IsServer; 539public virtual bool CheckCertRevocationStatus => _sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck; 647return _sslAuthenticationOptions.TargetHost;

24private object _handshakeLock => _sslAuthenticationOptions; 130NetSecurityTelemetry.Log.HandshakeStart(IsServer, _sslAuthenticationOptions.TargetHost); 222_sslAuthenticationOptions.RemoteCertRequired = true; 261CompleteHandshake(_sslAuthenticationOptions); 379CompleteHandshake(_sslAuthenticationOptions); 432_sslAuthenticationOptions!.IsServer) // guard against malicious endpoints. We should not see ClientHello on client. 438if (OperatingSystem.IsMacOS() && _sslAuthenticationOptions.IsServer) 456_sslAuthenticationOptions.TargetHost = _lastFrame.TargetName; 459if (_sslAuthenticationOptions.ServerOptionDelegate != null) 462await _sslAuthenticationOptions.ServerOptionDelegate(this, new SslClientHelloInfo(_sslAuthenticationOptions.TargetHost, _lastFrame.SupportedVersions), 463_sslAuthenticationOptions.UserState, cancellationToken).ConfigureAwait(false); 464_sslAuthenticationOptions.UpdateOptions(userOptions); 579if (!VerifyRemoteCertificate(_sslAuthenticationOptions.CertValidationDelegate, _sslAuthenticationOptions.CertificateContext?.Trust, ref alertToken, out sslPolicyErrors, out chainStatus)) 805if (_sslAuthenticationOptions.AllowRenegotiation || SslProtocol == SslProtocols.Tls13 || _nestedAuth != NestedState.StreamNotInUse)

84return _sslAuthenticationOptions.CertificateContext?.TargetCertificate; 158return _sslAuthenticationOptions.RemoteCertRequired; 322if (_sslAuthenticationOptions.CertificateContext != null) 332_selectedClientCertificate = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 334return _sslAuthenticationOptions.CertificateContext.TargetCertificate; 336else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 346_sslAuthenticationOptions.ClientCertificates ??= new X509CertificateCollection(); 347clientCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost, _sslAuthenticationOptions.ClientCertificates, remoteCert, issuers); 362if (_sslAuthenticationOptions.ClientCertificates == null || _sslAuthenticationOptions.ClientCertificates.Count == 0) 374else if (_credentialsHandle == null && _sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 378clientCertificate = _sslAuthenticationOptions.ClientCertificates[0]; 387else if (_sslAuthenticationOptions.ClientCertificates != null && _sslAuthenticationOptions.ClientCertificates.Count > 0) 406for (int i = 0; i < _sslAuthenticationOptions.ClientCertificates.Count; ++i) 418certificateEx = MakeEx(_sslAuthenticationOptions.ClientCertificates[i]); 473if (certificateEx != null && (object)certificateEx != (object)_sslAuthenticationOptions.ClientCertificates[i]) 481NetEventSource.Log.SelectedCert(_sslAuthenticationOptions.ClientCertificates[i], this); 483EnsureInitialized(ref filteredCerts).Add(_sslAuthenticationOptions.ClientCertificates[i]); 515if ((selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, clientCertificate)) != null) 583_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 586if (SslStreamPal.TryUpdateClintCertificate(_credentialsHandle, _securityContext, _sslAuthenticationOptions)) 602_sslAuthenticationOptions.EnabledSslProtocols, 603_sslAuthenticationOptions.IsServer, 604_sslAuthenticationOptions.EncryptionPolicy, 605_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 606_sslAuthenticationOptions.AllowTlsResume, 642_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 649_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert!); 652_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions, newCredentialsRequested); 660_sslAuthenticationOptions.CertificateContext ??= SslStreamCertificateContext.Create(selectedCert); 682if (_sslAuthenticationOptions.ServerCertSelectionDelegate != null) 684localCertificate = _sslAuthenticationOptions.ServerCertSelectionDelegate(this, _sslAuthenticationOptions.TargetHost); 688NetEventSource.Error(this, $"ServerCertSelectionDelegate returned no certificate for '{_sslAuthenticationOptions.TargetHost}'."); 695else if (_sslAuthenticationOptions.CertSelectionDelegate != null) 698tempCollection.Add(_sslAuthenticationOptions.CertificateContext!.TargetCertificate!); 700localCertificate = _sslAuthenticationOptions.CertSelectionDelegate(this, string.Empty, tempCollection, null, Array.Empty<string>()); 704NetEventSource.Error(this, $"CertSelectionDelegate returned no certificaete for '{_sslAuthenticationOptions.TargetHost}'."); 711else if (_sslAuthenticationOptions.CertificateContext != null) 713selectedCert = _sslAuthenticationOptions.CertificateContext.TargetCertificate; 730selectedCert = FindCertificateWithPrivateKey(this, _sslAuthenticationOptions.IsServer, localCertificate); 738_sslAuthenticationOptions.CertificateContext = SslStreamCertificateContext.Create(selectedCert); 741Debug.Assert(_sslAuthenticationOptions.CertificateContext != null); 746bool sendTrustedList = _sslAuthenticationOptions.CertificateContext!.Trust?._sendTrustInHandshake ?? false; 748_sslAuthenticationOptions.EnabledSslProtocols, 749_sslAuthenticationOptions.IsServer, 750_sslAuthenticationOptions.EncryptionPolicy, 751_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 752_sslAuthenticationOptions.AllowTlsResume, 761_credentialsHandle = AcquireCredentialsHandle(_sslAuthenticationOptions); 867cachedCreds = _sslAuthenticationOptions.IsServer 872if (_sslAuthenticationOptions.IsServer) 874sendTrustList = _sslAuthenticationOptions.CertificateContext?.Trust?._sendTrustInHandshake ?? false; 881_sslAuthenticationOptions); 887_sslAuthenticationOptions, 897_sslAuthenticationOptions); 903string hostName = TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost); 910_sslAuthenticationOptions); 926_sslAuthenticationOptions); 950_sslAuthenticationOptions.EnabledSslProtocols, 951_sslAuthenticationOptions.IsServer, 952_sslAuthenticationOptions.EncryptionPolicy, 953_sslAuthenticationOptions.CertificateRevocationCheckMode != X509RevocationMode.NoCheck, 954_sslAuthenticationOptions.AllowTlsResume, 970_sslAuthenticationOptions); 1048X509Certificate2? certificate = CertificateValidationPal.GetRemoteCertificate(_securityContext, ref chain, _sslAuthenticationOptions.CertificateChainPolicy); 1069if (_sslAuthenticationOptions.CertificateChainPolicy != null) 1071chain.ChainPolicy = _sslAuthenticationOptions.CertificateChainPolicy; 1075chain.ChainPolicy.RevocationMode = _sslAuthenticationOptions.CertificateRevocationCheckMode; 1096chain.ChainPolicy.ApplicationPolicy.Add(_sslAuthenticationOptions.IsServer ? s_clientAuthOid : s_serverAuthOid); 1103_sslAuthenticationOptions.CheckCertName, 1104_sslAuthenticationOptions.IsServer, 1105TargetHostNameHelper.NormalizeHostName(_sslAuthenticationOptions.TargetHost));