Extends TcpNetworkSocket, adding support for TLS.
Inheritance Hierarchy
TcpNetworkSocket
LaurelBridge.DCFExamples.TLS.TlsNetworkSocket
Namespace: LaurelBridge.DCFExamples.TLS
Assemblies: EchoSCU (in EchoSCU.exe) Version: DCF34 r13043 DCF_3_4_56_20220408 NetFramework
VerificationSCPExtended (in VerificationSCPExtended.exe) Version: DCF34 r13043 DCF_3_4_56_20220408 NetFramework
Syntax
C#
public class TlsNetworkSocket : TcpNetworkSocket
The TlsNetworkSocket type exposes the following members.
Constructors
Name | Description
---|---
TlsNetworkSocket | Default constructor
Properties
Name | Description
---|---
AllowMissingCertificates | Allow client to not send a certificate
AllowSelfSignedCertificates | Allow self-signed certificates
AuthenticationTimeoutMs | TLS authentication timeout in msecs
Certificate | The TLS certificate.
EnabledSslProtocols | Which TLS protocols are enabled: 1.0, 1.1, 1.2
IgnoreCertificateNameMismatch | Ignore certificate name mismatch errors
RemoteHostName | Remote hostname
SendClientCertificate | True requires client to send a certificate
SslProtocol | Get the active TLS protocol from the TLS connection stream
WriteTimeoutMs | Write to socket timeout in msecs
Methods
Name | Description
---|---
Accept | Overridden server-side accept of an incoming connect request. (Overrides TcpNetworkSocket.Accept.)
Close | Close the socket (Overrides TcpNetworkSocket.Close.)
Close(Int32) | Close the socket with a timeout in seconds (Overrides TcpNetworkSocket.Close(Int32).)
Connect(EndPoint) | Connect the socket to the given TCP endpoint (Overrides TcpNetworkSocket.Connect(EndPoint).)
Connect(IPAddress, Int32) | Connect the socket to the given IP address and port (Overrides TcpNetworkSocket.Connect(IPAddress, Int32).)
Connect(String, Int32) | Connect the socket to the given host and port (Overrides TcpNetworkSocket.Connect(String, Int32).)
InitClientTlsConnectionAndAuthenticate | This method should be called to authenticate the TLS stream as a client.
InitServerTlsConnectionAndAuthenticate | This method should be called to authenticate the TLS stream as a server. For a server side TlsNetworkSocket, when LAZY_SERVER_SIDE_AUTHENTICATION_MODE is false, this method is called when DCF's AssociationManager.run() calls waitForServerConnection() which then calls this instance's Accept() method. In this situation, the AssociationManager will not accept more connections until this method has completed. This method may not complete quickly, for example, if the client side does not send authentication information such as a TLS Client Hello message, which will happen if a non-TLS client connects to the SCP's TLS port. Such a situation can lead to unacceptable delays (waiting for a timeout) in accepting future associations. For a server, when LAZY_SERVER_SIDE_AUTHENTICATION_MODE is true, this method is called by AssociationManager.HandleAssociation() in a new thread, after waitForServerConnection() has completed calling Accept(). Therefore, future connections are not blocked waiting for this method to complete. Note that a consequence of handling the authentication in this manner is that the DCF AssociationManager has incremented its association count to handle this in a new thread. In case of a bad connection request, that association counter will not be decremented until a timeout or other error completes the thread's operation.
Listen | Enter the listen state with the backlog queue length (Overrides TcpNetworkSocket.Listen(Int32).)
Poll | Invoke a poll on the socket with microseconds timeout and selected mode (Overrides TcpNetworkSocket.Poll(Int32, SelectMode).)
Receive | Read data from the socket into the buffer at offset limited to count bytes (Overrides TcpNetworkSocket.Receive(Byte, Int32, Int32).)
Send(Byte) | Write the buffer data to the connected socket (Overrides TcpNetworkSocket.Send(Byte).)
Send(Byte, Int32, Int32) | Write the buffer data to the connected socket starting at offset bytes and limited to count bytes (Overrides TcpNetworkSocket.Send(Byte, Int32, Int32).)
Fields
Name | Description
---|---
ALLOW_WILDCARD_AND_SAN_CERTIFICATES | Whether to allow wildcard and SAN (multi-domain) certificates
LAZY_SERVER_SIDE_AUTHENTICATION_MODE | Whether to call AuthenticateAsServer() immediately or wait until we attempt to send or receive from a server side socket connection; effectively, this equates to whether to authenticate on the main listen socket itself or on a child socket that was created by a call to Accept(). NOTE also that when this is set to "true", AuthenticateAsServer() is called only when the underlying .NET code calls one of this class's overridden Receive() or Send() methods, which is indeed happening currently, after Accept() has been called, when the DCF attempts to read the first PDU of an association in a newly created thread.
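The lazy server-side authentication described for InitServerTlsConnectionAndAuthenticate and LAZY_SERVER_SIDE_AUTHENTICATION_MODE, shown with plain .NET types as an added example (not Laurel Bridge or DCF code): the accept loop only accepts, and each connection runs its TLS handshake on a worker under a receive timeout, so a non-TLS client that never sends a Client Hello cannot stall the listener. The `LazyTlsListener` class, the 5000 ms timeout, port 11112, the PFX arguments and the `active` counter are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
// Added illustration: plain .NET types only, not DCF's TlsNetworkSocket or AssociationManager.
static class LazyTlsListener
{
    const int HandshakeTimeoutMs = 5000;  // assumed value; plays the role of AuthenticationTimeoutMs
    static int active;                    // stands in for the association count
    static void Main(string[] args)
    {
        // Assumed inputs: args[0] = path to a PFX holding the server key, args[1] = its password.
        var cert = new X509Certificate2(args[0], args[1]);
        var listener = new TcpListener(IPAddress.Loopback, 11112); // port chosen for the example
        listener.Start();
        while (true)
        {
            TcpClient client = listener.AcceptTcpClient();  // returns as soon as TCP connects
            Interlocked.Increment(ref active);              // slot is taken before authentication
            Task.Run(() => Handle(client, cert));           // handshake never runs on the accept thread
        }
    }
    static void Handle(TcpClient client, X509Certificate2 cert)
    {
        try
        {
            client.ReceiveTimeout = HandshakeTimeoutMs;     // bounds the wait for a Client Hello
            using (var tls = new SslStream(client.GetStream(), false))
            {
                // Synchronous handshake: a silent or non-TLS peer ends in IOException on timeout.
                tls.AuthenticateAsServer(cert, false, SslProtocols.Tls12, false);
                Console.WriteLine("authenticated with {0}, active={1}", tls.SslProtocol, active);
            }
        }
        catch (Exception ex) when (ex is IOException || ex is AuthenticationException)
        {
            Console.WriteLine("handshake failed or timed out: {0}", ex.Message);
        }
        finally
        {
            client.Close();
            Interlocked.Decrement(ref active);              // slot is freed only when the worker ends
        }
    }
}
```

Each stalled connection holds its `active` slot for the full timeout, so the handshake timeout and any cap on concurrent associations should be sized together.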