New TLS implementation for Mono.
Martin Baulig 9f8e8a71b2 Add command-line arguments field to the settings dialog. 2015-03-10 13:53:54 +01:00
Android Add command-line arguments field to the settings dialog. 2015-03-10 13:53:54 +01:00
CA Move the CA folder to the top-level. 2015-03-06 23:28:46 +01:00
MartinsPlayground This test has now been fully ported. 2015-03-07 04:04:22 +01:00
Mono.Security.Interface
Mono.Security.NewTls
Mono.Security.NewTls.Console Reflect latest web-tests changes. 2015-03-09 19:46:34 +01:00
Mono.Security.NewTls.Interface
Mono.Security.NewTls.TestFramework And we can now use test parameterization like this to select cipher suites. 2015-03-07 03:04:49 +01:00
Mono.Security.NewTls.TestProvider Reflect latest web-tests changes. 2015-03-09 19:46:34 +01:00
Mono.Security.NewTls.Tests Reflect latest web-tests changes. 2015-03-09 17:43:17 +01:00
Mono.Security.Providers Use the MonoTlsProvider.CreateSslStream() API. 2015-03-07 08:23:14 +01:00
NativeOpenSsl
external Reflect latest web-tests changes. 2015-03-09 19:46:34 +01:00
.gitignore
.gitmodules
Makefile.native
MartinsPlayground.Android.sln
MartinsPlayground.mdw
MartinsPlayground.sln Merge Mono.Security.NewTls.TestProvider.OpenSsl into M.S.N.TestProvider. 2015-03-09 19:02:47 +01:00
README.TestFramework.md More documentation. 2015-03-07 06:32:57 +01:00
README.md Update README.md 2015-03-07 07:24:10 +01:00
new-tls.snk

README.md

Mono's New TLS Implementation

Dependencies:

  • Xamarin.AsyncTests from the martin-newtls branch. This is included as a submodule.

  • Mono 4.0 must be installed as the system-default Mono in /Library/Frameworks/Mono.framework.

    This is required because some internals in the binary serialization format have changed, which Xamarin Studio uses to communicate to the external mdtool build process when building against a custom runtime.

  • Mono from the work-newtls branch installed into a custom prefix.

    At the moment, this custom prefix must be /Workspace/INSTALL; unfortunately, this is hardcoded in the native Xcode project.

    FIXME: To use a different prefix, need to make sure we find the openssl shared libraries at runtime.

    This version of Mono must be selected as the current runtime in Xamarin Studio (go to Preferences / .NET Runtime to install it, then select it via Project / Active Runtime ...).

  • Shared-library build of OpenSSL 1.0.1.

    The default version of OpenSSL on OS X is too old, and it is also not built as a shared library. You need to download the OpenSSL 1.0.1 sources, then configure and compile with:

    $ ./config -t
    $ ./Configure darwin-i386-cc --prefix=/Workspace/INSTALL -shared
    $ make
    $ make install

  • Xcode

  • Build the native library with

    $ make -f Makefile.native

  • Open MartinsPlayground.sln in Xamarin Studio and select /Workspace/INSTALL as current runtime.
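
A preflight check for the OpenSSL prerequisite above, as an added example that is not part of the original README or the project's code. It confirms that the prefix holds shared libraries and an OpenSSL 1.0.1 binary before the native library is built. The function name check_openssl_prefix, the lib/ and bin/ layout under the prefix, and the .so fallback are assumptions.

```shell
#!/bin/sh
# Added example (not from the README): preflight check for the OpenSSL prefix.
# Usage: check_openssl_prefix [PREFIX]   (PREFIX defaults to /Workspace/INSTALL)
# Returns 0 when the prefix holds a shared-library build of OpenSSL 1.0.1.
# Assumes the usual install layout: PREFIX/lib and PREFIX/bin/openssl.
check_openssl_prefix() {
    cop_prefix=${1:-/Workspace/INSTALL}
    cop_status=0

    # The shared libraries must be present; a static-only build is not enough.
    for cop_lib in libssl libcrypto; do
        cop_found=
        for cop_ext in dylib so; do      # .dylib on OS X; .so is an assumption
            if [ -e "$cop_prefix/lib/$cop_lib.$cop_ext" ]; then
                cop_found="$cop_prefix/lib/$cop_lib.$cop_ext"
            fi
        done
        if [ -n "$cop_found" ]; then
            echo "ok: found $cop_found"
        else
            echo "missing: $cop_prefix/lib/$cop_lib.dylib (or .so)"
            cop_status=1
        fi
    done

    # Ask the openssl binary inside the prefix for its version, so an older
    # system copy earlier on PATH is never consulted by mistake.
    cop_bin="$cop_prefix/bin/openssl"
    if [ -x "$cop_bin" ]; then
        cop_version=$("$cop_bin" version 2>/dev/null) || cop_version=
        case "$cop_version" in
            "OpenSSL 1.0.1"*) echo "ok: $cop_version" ;;
            *) echo "wrong version: ${cop_version:-unknown} (need 1.0.1)"
               cop_status=1 ;;
        esac
    else
        echo "missing: $cop_bin"
        cop_status=1
    fi

    return "$cop_status"
}
```

Run it as `check_openssl_prefix /Workspace/INSTALL` after `make install`; a non-zero return means the native build would pick up a missing or wrong OpenSSL.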

Android and iOS

For Android and iOS you will need a custom build of Xamarin.Android / Xamarin.iOS with Mono from the work-newtls branch. You also need to build mcs/class/Mono.Security.Providers and install the binaries.

Reference Source and how the pieces fit together

See mcs/class/Mono.Security.Providers/README.md for an overview of the new Mono.Security.Interface APIs.

The new TLS code requires Microsoft's SslStream implementation from the referencesource, the corresponding files are:

The main bridge between their code and ours is mcs/class/System/ReferenceSources/SSPIWrapper.cs.

All these classes are currently not built into System.dll, but into Mono.Security.Providers.NewSystemSource.dll.

The main bridge between our code and theirs is Mono.Security.Providers.NewTls.MonoNewTlsStreamFactory.

The Mono.Security.Providers.NewTls module uses advanced extern alias compilation magic to create an instance of their SslStream class from the Mono.Security.Providers.NewSystemSource module (again, this uses advanced extern alias compilation magic).

This Mono.Security.Providers.NewTls module provides an implementation of Mono.Security.Interface.MonoTlsProvider, which is then registered with the MonoTlsProviderFactory, a new public Mono.Security.dll (System.dll on Mobile) API.

When Mono's existing web-stack attempts to make a TLS call, it will query MonoTlsProviderFactory for the current provider, so it can use the new implementation. (FIXME: this is not done yet) (FIXME: the factory is currently per-process and needs to be set at application startup).

To use the new code, an application needs to call

    MonoTlsProviderFactory.InstallProvider (new NewTlsProvider ());