add set security protocol support

artfulhacker · artfulhacker · commit c4aebe93793a · 2015-06-18T10:36:54.000-07:00
ability to set the security protocol along with certificate for wss://
diff --git a/src/Fleck.Tests/WebSocketServerTests.cs b/src/Fleck.Tests/WebSocketServerTests.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Net;
 using System.Net.Sockets;
+using System.Security.Authentication;
 using Moq;
 using NUnit.Framework;
 using System.Security.Cryptography.X509Certificates;
@@ -60,6 +61,14 @@ public void ShouldBeSecureWithWssAndCertificate()
             Assert.IsTrue(server.IsSecure);
         }
 
+        [Test]
+        public void ShouldDefaultToNoneWithWssAndCertificate()
+        {
+            var server = new WebSocketServer("wss://0.0.0.0:8000");
+            server.Certificate = new X509Certificate2();
+            Assert.AreEqual(server.EnabledSslProtocols, SslProtocols.None);
+        }
+
         [Test]
         public void ShouldNotBeSecureWithWssAndNoCertificate()
         {
diff --git a/src/Fleck/Interfaces/ISocket.cs b/src/Fleck/Interfaces/ISocket.cs
@@ -3,6 +3,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using System.IO;
+using System.Security.Authentication;
 
 namespace Fleck
 {
@@ -17,7 +18,7 @@ public interface ISocket
         Task<ISocket> Accept(Action<ISocket> callback, Action<Exception> error);
         Task Send(byte[] buffer, Action callback, Action<Exception> error);
         Task<int> Receive(byte[] buffer, Action<int> callback, Action<Exception> error, int offset = 0);
-        Task Authenticate(X509Certificate2 certificate, Action callback, Action<Exception> error);
+        Task Authenticate(X509Certificate2 certificate, SslProtocols enabledSslProtocols, Action callback, Action<Exception> error);
 
         void Dispose();
         void Close();
diff --git a/src/Fleck/SocketWrapper.cs b/src/Fleck/SocketWrapper.cs
@@ -45,12 +45,12 @@ public SocketWrapper(Socket socket)
                 _stream = new NetworkStream(_socket);
         }
 
-        public Task Authenticate(X509Certificate2 certificate, Action callback, Action<Exception> error)
+        public Task Authenticate(X509Certificate2 certificate, SslProtocols enabledSslProtocols, Action callback, Action<Exception> error)
         {
             var ssl = new SslStream(_stream, false);
             _stream = new QueuedStream(ssl);
             Func<AsyncCallback, object, IAsyncResult> begin =
-                (cb, s) => ssl.BeginAuthenticateAsServer(certificate, false, SslProtocols.Tls, false, cb, s);
+                (cb, s) => ssl.BeginAuthenticateAsServer(certificate, false, enabledSslProtocols, false, cb, s);
                 
             Task task = Task.Factory.FromAsync(begin, ssl.EndAuthenticateAsServer, null);
             task.ContinueWith(t => callback(), TaskContinuationOptions.NotOnFaulted)
diff --git a/src/Fleck/WebSocketServer.cs b/src/Fleck/WebSocketServer.cs
@@ -3,6 +3,7 @@
 using System.Net.Sockets;
 using System.Security.Cryptography.X509Certificates;
 using System.Collections.Generic;
+using System.Security.Authentication;
 using Fleck.Helpers;
 
 namespace Fleck
@@ -40,6 +41,7 @@ public WebSocketServer(int port, string location)
         public string Location { get; private set; }
         public int Port { get; private set; }
         public X509Certificate2 Certificate { get; set; }
+        public SslProtocols EnabledSslProtocols { get; set; }
         public IEnumerable<string> SupportedSubProtocols { get; set; }
 
         public bool IsSecure
@@ -81,6 +83,12 @@ public void Start(Action<IWebSocketConnection> config)
                     FleckLog.Error("Scheme cannot be 'wss' without a Certificate");
                     return;
                 }
+
+                if (EnabledSslProtocols == SslProtocols.None)
+                {
+                    EnabledSslProtocols = SslProtocols.Tls;
+                    FleckLog.Debug("Using default TLS 1.0 security protocol.");
+                }
             }
             ListenForClients();
             _config = config;
@@ -117,6 +125,7 @@ private void OnClientConnect(ISocket clientSocket)
                 FleckLog.Debug("Authenticating Secure Connection");
                 clientSocket
                     .Authenticate(Certificate,
+                                  EnabledSslProtocols,
                                   connection.StartReceiving,
                                   e => FleckLog.Warn("Failed to Authenticate", e));
             }

Original file line number	Diff line number	Diff line change
`@@ -45,12 +45,12 @@ public SocketWrapper(Socket socket)`
`45`	`45`	`_stream = new NetworkStream(_socket);`
`46`	`46`	`}`
`47`	`47`
`48`		`- public Task Authenticate(X509Certificate2 certificate, Action callback, Action<Exception> error)`
	`48`	`+ public Task Authenticate(X509Certificate2 certificate, SslProtocols enabledSslProtocols, Action callback, Action<Exception> error)`
`49`	`49`	`{`
`50`	`50`	`var ssl = new SslStream(_stream, false);`
`51`	`51`	`_stream = new QueuedStream(ssl);`
`52`	`52`	`Func<AsyncCallback, object, IAsyncResult> begin =`
`53`		`- (cb, s) => ssl.BeginAuthenticateAsServer(certificate, false, SslProtocols.Tls, false, cb, s);`
	`53`	`+ (cb, s) => ssl.BeginAuthenticateAsServer(certificate, false, enabledSslProtocols, false, cb, s);`
`54`	`54`
`55`	`55`	`Task task = Task.Factory.FromAsync(begin, ssl.EndAuthenticateAsServer, null);`
`56`	`56`	`task.ContinueWith(t => callback(), TaskContinuationOptions.NotOnFaulted)`