diff --git a/dotnet/IEC61850forCSharp/TLS.cs b/dotnet/IEC61850forCSharp/TLS.cs
index d645c547..0661f038 100644
--- a/dotnet/IEC61850forCSharp/TLS.cs
+++ b/dotnet/IEC61850forCSharp/TLS.cs
@@ -216,6 +216,12 @@ namespace IEC61850
private bool allowOnlyKnownCerts = false;
private bool chainValidation = true;
+ private bool sessionResumptionEnabled = true; /* default is true */
+
+ private int sessionResumptionInterval = 21600; /* in seconds */
+
+ private bool timeValidation = true; /* validate validity time in vertificates (default: true) */
+
[DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern IntPtr TLSConfiguration_create();
@@ -263,18 +269,41 @@ namespace IEC61850
[return: MarshalAs(UnmanagedType.I1)]
static extern bool TLSConfiguration_addCACertificateFromFile(IntPtr self, string filename);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ [return: MarshalAs(UnmanagedType.I1)]
+ static extern bool TLSConfiguration_addCRL(IntPtr self, byte[] crl, int crlLen);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ [return: MarshalAs(UnmanagedType.I1)]
+ static extern bool TLSConfiguration_addCRLFromFile(IntPtr self, string filename);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_resetCRL(IntPtr self);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setMinTlsVersion(IntPtr self, int version);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_setMaxTlsVersion(IntPtr self, int version);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_addCipherSuite(IntPtr self, int ciphersuite);
- [DllImport("tase2", CallingConvention = CallingConvention.Cdecl)]
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
static extern void TLSConfiguration_clearCipherSuiteList(IntPtr self);
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_enableSessionResumption(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setSessionResumptionInterval(IntPtr self, int value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setTimeValidation(IntPtr self, [MarshalAs(UnmanagedType.I1)] bool value);
+
+ [DllImport("iec61850", CallingConvention = CallingConvention.Cdecl)]
+ static extern void TLSConfiguration_setRenegotiationTime(IntPtr self, int value);
+
private TLSEventHandler eventHandler = null;
private object eventHandlerParameter = null;
@@ -354,6 +383,64 @@ namespace IEC61850
}
}
+ ///
+ /// Enable or disable session resumption (enabled by default)
+ ///
+ public bool SessionResumption
+ {
+ set
+ {
+ TLSConfiguration_enableSessionResumption(self, value);
+ sessionResumptionEnabled = value;
+ }
+ get
+ {
+ return sessionResumptionEnabled;
+ }
+ }
+
+
+ ///
+ /// Get or set the session resumption interval in seconds
+ ///
+ public int SessionResumptionInterval
+ {
+ set
+ {
+ TLSConfiguration_setSessionResumptionInterval(self, value);
+ sessionResumptionInterval = value;
+ }
+ get
+ {
+ return sessionResumptionInterval;
+ }
+ }
+
+ ///
+ /// Verify validity of times in certificates and CRLs (default: true)
+ ///
+ public bool TimeValidation
+ {
+ set
+ {
+ TLSConfiguration_setTimeValidation(self, value);
+ timeValidation = value;
+ }
+ get
+ {
+ return timeValidation;
+ }
+ }
+
+ ///
+ /// Set the TLS session renegotiation timeout.
+ ///
+ /// session renegotiation timeout in milliseconds
+ public void SetRenegotiationTime(int timeInMs)
+ {
+ TLSConfiguration_setRenegotiationTime(self, timeInMs);
+ }
+
public void SetClientMode()
{
TLSConfiguration_setClientMode(self);
@@ -413,7 +500,13 @@ namespace IEC61850
}
}
- public void SetOwnKey(string filename, string password)
+ ///
+ /// Set own private key from file
+ ///
+ /// Filename of a DER or PEM private key file
+ /// Password in case the private key is password protected
+ ///
+ public void SetOwnKey(string filename, string password = null)
{
if (TLSConfiguration_setOwnKeyFromFile(self, filename, password) == false)
{
@@ -431,6 +524,26 @@ namespace IEC61850
}
}
+ ///
+ /// Add a CRL from a X509 CRL file
+ ///
+ /// the name of the CRL file
+ public void AddCRL(string filename)
+ {
+ if (TLSConfiguration_addCRLFromFile(self, filename) == false)
+ {
+ throw new CryptographicException("Failed to read CRL from file");
+ }
+ }
+
+ ///
+ /// Removes any CRL (certificate revocation list) currently in use
+ ///
+ public void ResetCRL()
+ {
+ TLSConfiguration_resetCRL(self);
+ }
+
///
/// Set minimal allowed TLS version to use
///
@@ -454,7 +567,7 @@ namespace IEC61850
/// Add an allowed ciphersuite to the list of allowed ciphersuites
///
///
- public void addCipherSuite(TlsCipherSuite ciphersuite)
+ public void AddCipherSuite(TlsCipherSuite ciphersuite)
{
TLSConfiguration_addCipherSuite(self,(int) ciphersuite);
}
@@ -464,7 +577,7 @@ namespace IEC61850
///
/// Version for .NET framework that does not support TlsCipherSuite enum
///
- public void addCipherSuite(int ciphersuite)
+ public void AddCipherSuite(int ciphersuite)
{
TLSConfiguration_addCipherSuite(self, ciphersuite);
}
@@ -473,7 +586,7 @@ namespace IEC61850
/// Clears list of allowed ciphersuites
///
///
- public void clearCipherSuiteList()
+ public void ClearCipherSuiteList()
{
TLSConfiguration_clearCipherSuiteList(self);
}