I am trying to code up a TCP/IP server using .NET. Looking at the threads on this site, the general consensus seems to be to use some variation of the .NET 3.5 SocketArgs classes.
Once you have a connected Socket, it's not a very complicated setup to get SSL to work on the socket. First, you'll need to allocate a NetworkStream object by using the constructor that takes the Socket as the parameter. Then, I created an SslStream object by using the constructor that takes (NetworkStream, bool, RemoteCertificateValidationCallback). Then, you need to either call AuthenticateAsServer or AuthenticateAsClient. Here's a sample:
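    using System.Net.Security;
    using System.Net.Sockets;
    using System.Security.Cryptography.X509Certificates;

    private SslStream WrapSocket(Socket socket)
    {
        var myNetworkStream = new NetworkStream(socket);
        // false = closing the SslStream also closes the NetworkStream
        var mySslStream = new SslStream(myNetworkStream, false, OnCertificateValidation);
        mySslStream.AuthenticateAsClient(String.Empty);
        return mySslStream; // hand the authenticated stream back to the caller
    }

    private static bool OnCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true; // NOT RECOMMENDED FOR PRODUCTION CODE
    }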
Then I just do all my normal communication using the SslStream that was returned. The server half of the code isn't that much more complicated once you have a .CER file already. Replace the AuthenticateAsClient call with the following 2 lines:
    var certificate = X509Certificate.CreateFromCertFile("my.cer");
    mySslStream.AuthenticateAsServer(certificate);
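
The client half with the certificate check actually enforced, as an added example that is not part of the original answer: the callback rejects anything the framework flags, and the real host name is passed instead of `String.Empty` so a name mismatch can be detected. The names `TlsClientExample`, `WrapSocketValidated`, `ValidateServerCertificate` and `expectedHost` are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

public static class TlsClientExample
{
    // Hypothetical helper: wraps a connected socket and authenticates the
    // server against the host name the caller intended to reach.
    public static SslStream WrapSocketValidated(Socket socket, string expectedHost)
    {
        if (string.IsNullOrEmpty(expectedHost))
            throw new ArgumentException("Host name is required for name checking.", "expectedHost");

        var networkStream = new NetworkStream(socket, true); // stream owns the socket
        var sslStream = new SslStream(networkStream, false, ValidateServerCertificate);
        try
        {
            // With the real host name, the framework reports
            // RemoteCertificateNameMismatch for a certificate issued to another name.
            sslStream.AuthenticateAsClient(expectedHost);
            return sslStream;
        }
        catch
        {
            // A rejected certificate surfaces as AuthenticationException;
            // release the stream and socket on any handshake failure.
            sslStream.Dispose();
            throw;
        }
    }

    private static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Accept only when the chain is trusted and the name matches.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // Record why the certificate was refused; chain can be null
        // when the server presented no certificate.
        Console.Error.WriteLine("Certificate rejected: {0}", sslPolicyErrors);
        if (chain != null)
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  {0}: {1}", status.Status, status.StatusInformation);
        return false;
    }
}
```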