Merge pull request #45 from rabbitmq/bug-ssl-version-check

Revert client authentication changes in 36efc00

Author: michaelklishin

projects/client/RabbitMQ.Client/src/client/api/SslHelper.cs

@@ -72,13 +72,7 @@ public static Stream TcpUpgrade(Stream tcpStream, SslOption sslOption)
 
             var sslStream = new SslStream(tcpStream, false, remoteCertValidator, localCertSelector);
 
-            if(sslOption.Certs == null || sslOption.Certs.Count == 0)
-            {
-                sslStream.AuthenticateAsClient(sslOption.ServerName);
-            } else
-            {
-                sslStream.AuthenticateAsClient(sslOption.ServerName, sslOption.Certs, sslOption.Version, false);
-            }
+            sslStream.AuthenticateAsClient(sslOption.ServerName, sslOption.Certs, sslOption.Version, false);
 
             return sslStream;
         }

projects/client/Unit/src/unit/TestSsl.cs

@@ -41,7 +41,9 @@
 using NUnit.Framework;
 using System;
 using System.Net.Security;
+using System.Security.Authentication;
 using RabbitMQ.Client;
+using RabbitMQ.Client.Exceptions;
 
 namespace RabbitMQ.Client.Unit
 {
@@ -92,6 +94,22 @@ public void TestServerVerified() {
             SendReceive(cf);
         }
 
+        [Test]
+        public void TestVersionVerified() {
+            string sslDir = Environment.GetEnvironmentVariable("SSL_CERTS_DIR");
+            if (null == sslDir) return;
+
+            ConnectionFactory cf = new ConnectionFactory();
+            cf.Ssl.Version = SslProtocols.Ssl2;
+            cf.Ssl.AcceptablePolicyErrors = (SslPolicyErrors)~0;
+            cf.Ssl.ServerName = "*";
+            cf.Ssl.Enabled = true;
+            Assert.Throws<BrokerUnreachableException>(() => SendReceive(cf));
+
+            cf.Ssl.Version = SslProtocols.Default;
+            Assert.DoesNotThrow(() => SendReceive(cf));
+        }
+
         [Test]
         public void TestClientAndServerVerified() {
             string sslDir = Environment.GetEnvironmentVariable("SSL_CERTS_DIR");