Merged
c062e18
Native Interop Layer
liveans Jun 16, 2025
ecba3f7
Native Layer Compilation fix for Mono + NativeAOT + templates
liveans Jun 16, 2025
bf130f3
First shape of new native + interop
liveans Jun 25, 2025
0dcc599
Newlines at the end of files
liveans Jun 25, 2025
44b3597
Default constructor ownsHandle to true
liveans Jun 25, 2025
3cbcea7
Delete couple of unsafe keyword in Interop
liveans Jun 25, 2025
3defe85
Update src/native/libs/System.Net.Security.Native.Apple/pal_networkfr…
liveans Jun 25, 2025
57a7069
Merge branch 'main' into network_framework_integration_native_interop
liveans Jun 25, 2025
c1a2b6b
Fix PlatformManifestFileEntry
liveans Jun 25, 2025
0977679
Review feedback
liveans Jun 25, 2025
fe343b0
Apply suggestions from code review
liveans Jun 26, 2025
0fff060
Update src/libraries/Common/src/Interop/OSX/Interop.Network.Tls.cs
liveans Jun 26, 2025
3441093
Review feedbacks
liveans Jun 28, 2025
3e547c5
Merge branch 'main' into network_framework_integration_native_interop
liveans Jun 28, 2025
25b8950
Further review feedback
liveans Jun 28, 2025
91238c5
Add new library name to nativeaot build target file
liveans Jun 28, 2025
a250b67
Merge branch 'main' into network_framework_integration_native_interop
liveans Jun 28, 2025
beb5f93
Merge System.Net.Security.Native.Apple with System.Security.Cryptogra…
rzikm Jul 1, 2025
0ab06b2
fixup! Merge System.Net.Security.Native.Apple with System.Security.Cr…
rzikm Jul 1, 2025
39bef6d
Shared OSStatus
rzikm Jul 1, 2025
8267454
Correctly release some handles
rzikm Jul 1, 2025
4bf6eb9
Remove printf
rzikm Jul 1, 2025
f771ea9
Add comments
rzikm Jul 1, 2025
6ab3942
Fix build
rzikm Jul 2, 2025
b05467e
Copy of initial changes
rzikm Jul 2, 2025
9aa167a
Fix build
rzikm Jul 2, 2025
da8d285
WIP
rzikm Jul 2, 2025
e7fa071
WIP
rzikm Jul 3, 2025
d018034
more WIP
rzikm Jul 3, 2025
4767c77
Minimal example is working
rzikm Jul 7, 2025
e629414
Fix concurrent read/write calls
rzikm Jul 7, 2025
becc664
ALPN fix
rzikm Jul 7, 2025
f4d4bc8
Certificate validation
rzikm Jul 7, 2025
b967fc9
Report remote alerts
rzikm Jul 7, 2025
0f71d07
CipherSuitesPolicy support
rzikm Jul 7, 2025
0718512
Fix IDNA
rzikm Jul 8, 2025
0df2d19
Zero-bytes read support
rzikm Jul 8, 2025
10f812a
fixup! ALPN fix
rzikm Jul 8, 2025
a77d7d2
Attach correct cancellation token to exceptions
rzikm Jul 8, 2025
6ca7130
Fix framer lifetime
rzikm Jul 8, 2025
0bc4003
fixup! CipherSuitesPolicy support
rzikm Jul 8, 2025
c26d47e
Cleanup some unwanted changes
rzikm Jul 8, 2025
1bd7626
Some more cleanup
rzikm Jul 8, 2025
1434381
Fix ALPN reading
rzikm Jul 8, 2025
dfd1753
ClientCertificates + CertificateContext + CertSelectionDelegate imple…
liveans Jul 8, 2025
bbe2e5d
Correctly pass remote certificate + acceptableIssuers to selection ca…
liveans Jul 9, 2025
aba17db
Disable Ciphersuite tests for NW
liveans Jul 9, 2025
5c45a15
Fix formatting
liveans Jul 9, 2025
f6babf0
Fix some test scenarios
liveans Jul 9, 2025
cdf141c
Delete unused ResettableTaskSource
liveans Jul 9, 2025
e61e02a
Fix build
liveans Jul 9, 2025
fe3170b
Unify certificate validation code
rzikm Jul 9, 2025
216b3a6
TARGET_OSX to TARGET_APPLE
rzikm Jul 9, 2025
2ec8e98
Small changes
rzikm Jul 9, 2025
f6a17b0
Fix build of other platforms
rzikm Jul 9, 2025
02d76f5
Disable known edge-case for now
liveans Jul 9, 2025
df9c144
Some test fixes
rzikm Jul 9, 2025
fbc3fb2
Disable EventSource order test for NW
liveans Jul 10, 2025
2b1dbb3
Add TCS for completion on transportStream Write and propagate exceptions
liveans Jul 10, 2025
cf412ce
Propagate exception for handshake + write tcs from transport read task
liveans Jul 10, 2025
b2e7dc7
Missing write part of propagation exception for transport read task
liveans Jul 10, 2025
16b48e1
App read optimization
rzikm Jul 10, 2025
4212aff
fixup! App read optimization
rzikm Jul 10, 2025
6c47976
Fix hanging pending read after read cancellation
rzikm Jul 10, 2025
ad232e8
Unify local cert selection
rzikm Jul 11, 2025
9dff34a
Improve thisHandle lifetime management
rzikm Jul 11, 2025
3488df4
Introduce specific exception for NetworkFramework + properly propagat…
liveans Jul 11, 2025
e444f02
Refactor NetworkFramework error handling to use enum for error domains
liveans Jul 11, 2025
a4a4c69
Refactor error extraction in NetworkFramework to return CFStringRef f…
liveans Jul 11, 2025
a824578
Enhance cancellation support in SafeDeleteNwContext by throwing on ca…
liveans Jul 12, 2025
f4edc9b
Typo fix
liveans Jul 12, 2025
5a95f10
Switch to Network.framework tests on CI
liveans Jul 12, 2025
0b92607
Fix memory leaks, introduce CancellationAction for ResettableValueTas…
liveans Jul 12, 2025
e062869
Reverting back running nw tests on ci, as some apis requires at least…
liveans Jul 13, 2025
92d8770
A bit cleanup
liveans Jul 13, 2025
a15e0d9
Use more appropriate names in nw shim functions
rzikm Jul 14, 2025
3a78fbe
Centralized gchandle management in native code
rzikm Jul 14, 2025
03ce32f
Fix correct cancellation token when throwing
rzikm Jul 14, 2025
53281db
Fix hang, remove try-catches in completion callbacks
rzikm Jul 14, 2025
b15b220
Revert unwanted changes
rzikm Jul 14, 2025
a292e7a
Fix comment
rzikm Jul 14, 2025
39582fc
Logging improvements
rzikm Jul 15, 2025
0d02b54
Merge remote-tracking branch 'upstream/main' into osx-tls13
rzikm Jul 16, 2025
a6ff82f
Apply suggestion from @liveans
rzikm Jul 16, 2025
8102719
Update src/libraries/System.Net.Security/src/System/Net/Security/Pal.…
rzikm Jul 16, 2025
a6c124d
Code review feecback
rzikm Jul 16, 2025
83bcaf1
Remove duplicate void* state argument in native functions
rzikm Jul 16, 2025
ba6e3fb
Update src/native/libs/System.Security.Cryptography.Native.Apple/pal_…
rzikm Jul 17, 2025
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ internal static partial class Tls
internal static unsafe partial bool Init(
delegate* unmanaged<IntPtr, StatusUpdates, IntPtr, IntPtr, NetworkFrameworkError*, void> statusCallback,
delegate* unmanaged<IntPtr, byte*, ulong, void> writeCallback,
delegate* unmanaged<IntPtr, IntPtr, IntPtr, IntPtr> challengeCallback);
delegate* unmanaged<IntPtr, IntPtr, IntPtr> challengeCallback);

// Create a new connection context
[LibraryImport(Interop.Libraries.AppleCryptoNative, EntryPoint = "AppleCryptoNative_NwConnectionCreate", StringMarshalling = StringMarshalling.Utf8)]
Expand Down Expand Up @@ -52,15 +52,14 @@ internal static unsafe partial bool Init(

// gets TLS connection information
[LibraryImport(Interop.Libraries.AppleCryptoNative, EntryPoint = "AppleCryptoNative_GetConnectionInfo")]
internal static unsafe partial int GetConnectionInfo(SafeNwHandle connection, out SslProtocols pProtocol, out TlsCipherSuite pCipherSuiteOut, byte* negotiatedAlpn, ref int negotiatedAlpnLength);
internal static unsafe partial int GetConnectionInfo(SafeNwHandle connection, IntPtr state, out SslProtocols pProtocol, out TlsCipherSuite pCipherSuiteOut, byte* negotiatedAlpn, ref int negotiatedAlpnLength);
}

// Status enumeration for Network Framework TLS operations
internal enum StatusUpdates
{
UnknownError = 0,
FramerStart = 1,
FramerStop = 2,
HandshakeFinished = 3,
ConnectionFailed = 4,
ConnectionCancelled = 103,
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ internal sealed class SafeDeleteNwContext : SafeDeleteContext
// no more callbacks from the native code
private readonly GCHandle _thisHandle;

internal IntPtr StateHandle => _thisHandle.IsAllocated ? GCHandle.ToIntPtr(_thisHandle) : IntPtr.Zero;

private TaskCompletionSource<Exception?> _handshakeCompletionSource = new TaskCompletionSource<Exception?>(TaskCreationOptions.RunContinuationsAsynchronously);
private Task? _transportReadTask;
private ResettableValueTaskSource _transportReadTcs = new ResettableValueTaskSource()
Expand Down Expand Up @@ -106,7 +108,7 @@ public SafeDeleteNwContext(SslStream stream) : base(IntPtr.Zero)

internal async Task<Exception?> HandshakeAsync(CancellationToken cancellationToken)
{
Interop.NetworkFramework.Tls.NwConnectionStart(ConnectionHandle, GCHandle.ToIntPtr(_thisHandle));
Interop.NetworkFramework.Tls.NwConnectionStart(ConnectionHandle, StateHandle);

using CancellationTokenRegistration registration = cancellationToken.UnsafeRegister(static (state, token) =>
{
Expand Down Expand Up @@ -186,7 +188,7 @@ internal async Task WriteAsync(ReadOnlyMemory<byte> buffer, CancellationToken ca
using MemoryHandle memoryHandle = buffer.Pin();
unsafe
{
Interop.NetworkFramework.Tls.NwConnectionSend(ConnectionHandle, GCHandle.ToIntPtr(_thisHandle), memoryHandle.Pointer, buffer.Length, GCHandle.ToIntPtr(handle), &CompletionCallback);
Interop.NetworkFramework.Tls.NwConnectionSend(ConnectionHandle, StateHandle, memoryHandle.Pointer, buffer.Length, GCHandle.ToIntPtr(handle), &CompletionCallback);
}
try
{
Expand Down Expand Up @@ -299,7 +301,7 @@ internal Task FillAppDataBufferAsync()
if (NetEventSource.Log.IsEnabled()) NetEventSource.Info(this, $"Waiting for read from connection");
unsafe
{
Interop.NetworkFramework.Tls.NwConnectionReceive(ConnectionHandle, GCHandle.ToIntPtr(_thisHandle), 16 * 1024, GCHandle.ToIntPtr(_thisHandle), &CompletionCallback);
Interop.NetworkFramework.Tls.NwConnectionReceive(ConnectionHandle, StateHandle, 16 * 1024, StateHandle, &CompletionCallback);
}

return _pendingAppReceiveBufferFillTask = valueTask.AsTask();
Expand Down Expand Up @@ -582,7 +584,7 @@ private static unsafe void WriteOutboundWireData(IntPtr thisHandle, byte* data,
}

[UnmanagedCallersOnly]
private static IntPtr ChallengeCallback(IntPtr thisHandle, IntPtr acceptableIssuersHandle, IntPtr remoteCertificateHandle)
private static IntPtr ChallengeCallback(IntPtr thisHandle, IntPtr acceptableIssuersHandle)
{
try
{
Expand Down Expand Up @@ -637,7 +639,7 @@ private async Task WriteInboundWireDataAsync(ReadOnlyMemory<byte> buf)

unsafe
{
Interop.NetworkFramework.Tls.NwFramerDeliverInput(_framerHandle, (byte*)memoryHandle.Pointer, buf.Length, GCHandle.ToIntPtr(_thisHandle), &CompletionCallback);
Interop.NetworkFramework.Tls.NwFramerDeliverInput(_framerHandle, (byte*)memoryHandle.Pointer, buf.Length, StateHandle, &CompletionCallback);
}

await valueTask.ConfigureAwait(false);
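Review bot: `StateHandle` relies on `_thisHandle.IsAllocated`, but `_thisHandle` is declared `readonly` and `GCHandle` is a mutable struct, so a `Free()` invoked on the field operates on a defensive copy and the field would keep reporting an allocated handle. The release path is outside these hunks, so this needs confirming there; if it does call `_thisHandle.Free()` on the field, `StateHandle` can hand native code a handle value that has already been freed. Dropping `readonly` from the field, or tracking disposal with a separate flag, would make the guard meaningful. It is also worth a comment on the property stating that `IntPtr.Zero` means the context has been released, since the call sites changed here (`NwConnectionStart`, `NwConnectionSend`, `NwConnectionReceive`, `NwFramerDeliverInput`) pass the value to native code without checking it.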
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ private void UpdateSslConnectionInfoNetworkFramework(SafeDeleteNwContext context
fixed (byte* alpnPtr = alpn)
{
// Call the native method to get connection info
osStatus = Interop.NetworkFramework.Tls.GetConnectionInfo(nwContext, out protocol, out cipherSuite, alpnPtr, ref alpnLength);
osStatus = Interop.NetworkFramework.Tls.GetConnectionInfo(nwContext, context.StateHandle, out protocol, out cipherSuite, alpnPtr, ref alpnLength);
}
}

Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ typedef enum
{
PAL_NwStatusUpdates_UnknownError = 0,
PAL_NwStatusUpdates_FramerStart = 1,
PAL_NwStatusUpdates_FramerStop = 2,
PAL_NwStatusUpdates_HandshakeFinished = 3,
PAL_NwStatusUpdates_ConnectionFailed = 4,
PAL_NwStatusUpdates_ConnectionCancelled = 103,
Expand All @@ -46,7 +45,7 @@ typedef void (*StatusUpdateCallback)(void* context, PAL_NwStatusUpdates status,
typedef int32_t (*WriteCallback)(void* context, uint8_t* buffer, uint64_t length);
typedef void (*CompletionCallback)(void* context, PAL_NetworkFrameworkError* error);
typedef void (*ReadCompletionCallback)(void* context, PAL_NetworkFrameworkError* error, const uint8_t* data, size_t length);
typedef void* (*ChallengeCallback)(void* context, CFArrayRef acceptableIssuers, SecCertificateRef remoteCertificate);
typedef void* (*ChallengeCallback)(void* context, CFArrayRef acceptableIssuers);

// Initializes global state
PALEXPORT int32_t AppleCryptoNative_Init(StatusUpdateCallback statusFunc, WriteCallback writeFunc, ChallengeCallback challengeFunc);
Expand All @@ -59,7 +58,7 @@ PALEXPORT void AppleCryptoNative_NwConnectionCancel(nw_connection_t connection);

PALEXPORT int32_t AppleCryptoNative_NwFramerDeliverInput(nw_framer_t framer, const uint8_t* data, int dataLength, void* context, CompletionCallback completionCallback);

PALEXPORT int32_t AppleCryptoNative_GetConnectionInfo(nw_connection_t connection, PAL_SslProtocol* pProtocol, uint16_t* pCipherSuiteOut, char* negotiatedAlpn, int32_t* negotiatedAlpnLength);
PALEXPORT int32_t AppleCryptoNative_GetConnectionInfo(nw_connection_t connection, void* state, PAL_SslProtocol* pProtocol, uint16_t* pCipherSuiteOut, char* negotiatedAlpn, int32_t* negotiatedAlpnLength);

#ifdef __cplusplus
}
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,21 @@
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunguarded-availability-new"

#define LOG(state, ...) \
#define LOG_IMPL_(state, isError, ...) \
do { \
char buff[256]; \
snprintf(buff, sizeof(buff), __VA_ARGS__); \
_statusFunc(state, PAL_NwStatusUpdates_DebugLog, (size_t)(buff), (size_t)(-1), NULL); \
_statusFunc(state, PAL_NwStatusUpdates_DebugLog, (size_t)(buff), (size_t)(isError), NULL); \
} while (0)

#if DEBUG
#define LOG_INFO(state, ...) LOG_IMPL_(state, 0, __VA_ARGS__)
#else
#define LOG_INFO(state, ...) do { (void)state; } while (0)
#endif

#define LOG_ERROR(state, ...) LOG_IMPL_(state, 1, __VA_ARGS__)

#define MANAGED_STATE_KEY "GCHANDLE"

static void* FramerGetManagedState(nw_framer_t framer)
Expand Down Expand Up @@ -169,14 +177,14 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
tls_protocol_version_t version = PalSslProtocolToTlsProtocolVersion(minTlsProtocol);
if ((int)version != 0)
{
LOG(state, "Min TLS version: %d", version);
LOG_INFO(state, "Min TLS version: %d", version);
sec_protocol_options_set_min_tls_protocol_version(sec_options, version);
}

version = PalSslProtocolToTlsProtocolVersion(maxTlsProtocol);
if ((int)version != 0)
{
LOG(state, "Max TLS version: %d", version);
LOG_INFO(state, "Max TLS version: %d", version);
sec_protocol_options_set_max_tls_protocol_version(sec_options, version);
}

Expand All @@ -187,7 +195,7 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
{
uint8_t length = alpnBuffer[offset];
const char* alpn = (const char*) &alpnBuffer[offset + 1];
LOG(state, "Appending ALPN: %s", alpn);
LOG_INFO(state, "Appending ALPN: %s", alpn);
sec_protocol_options_add_tls_application_protocol(sec_options, alpn);
offset += length + 2;
}
Expand All @@ -198,7 +206,7 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
for (int i = 0; i < cipherSuitesLength; i++)
{
uint16_t cipherSuite = (uint16_t)cipherSuites[i];
LOG(state, "Appending cipher suite: 0x%04x", cipherSuite);
LOG_INFO(state, "Appending cipher suite: 0x%04x", cipherSuite);
sec_protocol_options_append_tls_ciphersuite(sec_options, cipherSuite);
}
}
Expand All @@ -208,21 +216,9 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
{
// Extract acceptable issuers from metadata
CFMutableArrayRef acceptableIssuers = NULL;
__block SecCertificateRef remoteCertificate = NULL;

if (metadata != NULL)
{
// Extract the peer certificate
__block bool firstCert = true;
sec_protocol_metadata_access_peer_certificate_chain(metadata, ^(sec_certificate_t certificate)
{
if (firstCert && certificate != NULL)
{
firstCert = false;
remoteCertificate = sec_certificate_copy_ref(certificate);
}
});

// Create array to hold distinguished names
acceptableIssuers = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);

Expand Down Expand Up @@ -252,21 +248,10 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
}

// Call the managed callback to get the client identity
void* identity = NULL;
if (_challengeFunc != NULL)
{
identity = _challengeFunc(state, acceptableIssuers, remoteCertificate);
}
void* identity = _challengeFunc(state, acceptableIssuers);

// Clean up
if (acceptableIssuers != NULL)
{
CFRelease(acceptableIssuers);
}
if (remoteCertificate != NULL)
{
CFRelease(remoteCertificate);
}
CFRelease(acceptableIssuers);

if (identity != NULL)
{
Expand All @@ -276,8 +261,10 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
if (sec_identity != NULL)
{
complete(sec_identity);
return;
nw_release(sec_identity);
}

return;
}

complete(NULL);
Expand All @@ -286,7 +273,7 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
// we accept all certificates here and we will do validation later
sec_protocol_options_set_verify_block(sec_options, ^(sec_protocol_metadata_t metadata, sec_trust_t trust_ref, sec_protocol_verify_complete_t complete)
{
LOG(state, "Cert validation callback called");
LOG_INFO(state, "Cert validation callback called");

SecTrustRef chain = sec_trust_copy_ref(trust_ref);

Expand Down Expand Up @@ -316,7 +303,7 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,

if (connection == NULL)
{
LOG(state, "Failed to create Network Framework connection");
LOG_ERROR(state, "Failed to create Network Framework connection");
return NULL;
}

Expand Down Expand Up @@ -357,7 +344,6 @@ PALEXPORT nw_connection_t AppleCryptoNative_NwConnectionCreate(int32_t isServer,
(void)framer;
};


// This is called when connection start to set up framer
static nw_framer_start_handler_t framer_start = ^nw_framer_start_result_t(nw_framer_t framer)
{
Expand All @@ -383,6 +369,7 @@ PALEXPORT int32_t AppleCryptoNative_NwFramerDeliverInput(nw_framer_t framer, con
assert(framer != NULL);
if (framer == NULL)
{
LOG_ERROR(NULL, "NwFramerDeliverInput called with NULL framer");
return -1;
}

Expand All @@ -391,6 +378,7 @@ PALEXPORT int32_t AppleCryptoNative_NwFramerDeliverInput(nw_framer_t framer, con
// There is a race condition when connection can fail or be canceled and if it does we fail to create the message here.
if (message == NULL)
{
LOG_ERROR(FramerGetManagedState(framer), "NwFramerDeliverInput failed to create message");
return -1;
}

Expand All @@ -409,13 +397,16 @@ PALEXPORT int32_t AppleCryptoNative_NwFramerDeliverInput(nw_framer_t framer, con
PALEXPORT int AppleCryptoNative_NwConnectionStart(nw_connection_t connection, void* state)
{
if (connection == NULL)
{
LOG_ERROR(state, "NwConnectionStart called with NULL connection");
return -1;
}

nw_connection_set_state_changed_handler(connection, ^(nw_connection_state_t status, nw_error_t error)
{
PAL_NetworkFrameworkError errorInfo;
CFStringRef cfStringToRelease = ExtractNetworkFrameworkError(error, &errorInfo);
LOG(state, "Connection state changed: %d, errorCode: %d", (int)status, errorInfo.errorCode);
LOG_INFO(state, "Connection state changed: %d, errorCode: %d", (int)status, errorInfo.errorCode);
switch (status)
{
case nw_connection_state_preparing:
Expand Down Expand Up @@ -534,58 +525,60 @@ PALEXPORT void AppleCryptoNative_NwConnectionReceive(nw_connection_t connection,
}

// This wil get TLS details after handshake is finished
PALEXPORT int32_t AppleCryptoNative_GetConnectionInfo(nw_connection_t connection, PAL_SslProtocol* protocol, uint16_t* pCipherSuiteOut, char* negotiatedAlpn, int32_t* negotiatedAlpnLength)
PALEXPORT int32_t AppleCryptoNative_GetConnectionInfo(nw_connection_t connection, void* state, PAL_SslProtocol* protocol, uint16_t* pCipherSuiteOut, char* negotiatedAlpn, int32_t* negotiatedAlpnLength)
{
nw_protocol_metadata_t meta = nw_connection_copy_protocol_metadata(connection, _tlsDefinition);
if (meta != NULL)

if (meta == NULL)
{
sec_protocol_metadata_t secMeta = nw_tls_copy_sec_protocol_metadata(meta);
LOG_ERROR(state, "nw_connection_copy_protocol_metadata returned null");
return -1;
}

const char* alpn = sec_protocol_metadata_get_negotiated_protocol(secMeta);
if (alpn != NULL)
{
strcpy(negotiatedAlpn, alpn);
*negotiatedAlpnLength = (int32_t)strlen(alpn);
}
else
{
negotiatedAlpn[0] = '\0';
*negotiatedAlpnLength = 0;
}
sec_protocol_metadata_t secMeta = nw_tls_copy_sec_protocol_metadata(meta);

const char* alpn = sec_protocol_metadata_get_negotiated_protocol(secMeta);
if (alpn != NULL)
{
strcpy(negotiatedAlpn, alpn);
*negotiatedAlpnLength = (int32_t)strlen(alpn);
}
else
{
negotiatedAlpn[0] = '\0';
*negotiatedAlpnLength = 0;
}

tls_protocol_version_t version = sec_protocol_metadata_get_negotiated_tls_protocol_version(secMeta);
tls_protocol_version_t version = sec_protocol_metadata_get_negotiated_tls_protocol_version(secMeta);
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
switch (version)
{
case tls_protocol_version_TLSv10:
*protocol = PAL_SslProtocol_Tls10;
break;
case tls_protocol_version_TLSv11:
*protocol = PAL_SslProtocol_Tls11;
break;
case tls_protocol_version_TLSv12:
*protocol = PAL_SslProtocol_Tls12;
break;
case tls_protocol_version_TLSv13:
*protocol = PAL_SslProtocol_Tls13;
break;
case tls_protocol_version_DTLSv10:
case tls_protocol_version_DTLSv12:
default:
*protocol = PAL_SslProtocol_None;
break;
}
switch (version)
{
case tls_protocol_version_TLSv10:
*protocol = PAL_SslProtocol_Tls10;
break;
case tls_protocol_version_TLSv11:
*protocol = PAL_SslProtocol_Tls11;
break;
case tls_protocol_version_TLSv12:
*protocol = PAL_SslProtocol_Tls12;
break;
case tls_protocol_version_TLSv13:
*protocol = PAL_SslProtocol_Tls13;
break;
case tls_protocol_version_DTLSv10:
case tls_protocol_version_DTLSv12:
default:
*protocol = PAL_SslProtocol_None;
break;
}
#pragma clang diagnostic pop

*pCipherSuiteOut = sec_protocol_metadata_get_negotiated_tls_ciphersuite(secMeta);
*pCipherSuiteOut = sec_protocol_metadata_get_negotiated_tls_ciphersuite(secMeta);

nw_release(meta);
sec_release(secMeta);
return 0;
}

return -1;
nw_release(meta);
sec_release(secMeta);
return 0;
}

// this is called once to set everything up
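Review bot: `strcpy(negotiatedAlpn, alpn)` in AppleCryptoNative_GetConnectionInfo copies the negotiated protocol name without consulting the capacity of the caller's buffer, and the rewritten body keeps that copy unbounded. The managed caller passes `alpnLength` by reference, which presumably carries the buffer size on entry, so the native side should compare the name length against `*negotiatedAlpnLength` and fail (releasing `meta` and `secMeta`) when it does not fit; the same in/out contract deserves a comment on the header prototype and on the `GetConnectionInfo` P/Invoke declaration. Separately, in the challenge block earlier in this file `return;` now sits after the `if (sec_identity != NULL)` block, so a failed identity conversion returns without ever calling `complete`, and `CFRelease(acceptableIssuers)` is now unconditional although the array is only created when `metadata != NULL`.

```c
const char* alpn = sec_protocol_metadata_get_negotiated_protocol(secMeta);
if (alpn != NULL)
{
    size_t alpnLen = strlen(alpn);
    // *negotiatedAlpnLength is assumed to hold the buffer capacity on entry
    if (*negotiatedAlpnLength <= 0 || alpnLen >= (size_t)*negotiatedAlpnLength)
    {
        LOG_ERROR(state, "Negotiated ALPN does not fit the supplied buffer");
        nw_release(meta);
        sec_release(secMeta);
        return -1;
    }
    memcpy(negotiatedAlpn, alpn, alpnLen + 1);
    *negotiatedAlpnLength = (int32_t)alpnLen;
}
// … unchanged: else branch, protocol version switch, cipher suite, release and return 0 …
```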