-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement part of SslCertificateTrust #55104
Conversation
Tagging subscribers to this area: @dotnet/ncl, @vcsjones Issue Detailsrelated to #54219 This also adds support for sending Distinguished Names on Windows.
|
Note regarding the This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change. |
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.cs
Outdated
Show resolved
Hide resolved
feedback addressed, CI is clean. |
src/libraries/System.Net.Security/src/System/Net/Security/SslCertificateTrust.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/SslCertificateTrust.cs
Outdated
Show resolved
Hide resolved
...libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.Windows.cs
Outdated
Show resolved
Hide resolved
|
||
if (errorCode != Interop.SECURITY_STATUS.OK) | ||
{ | ||
throw new Win32Exception((int)errorCode); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we be throwing something other than Win32Exception here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure. I look at the code around Acquire Credentials and it seems like that what we throw. I can check as we may perhaps wrap it.
Tests? |
As I mentioned tests are problematic on Windows as the handshake depends on registry setting and very recent Windows changes. I'll try to figure out something but for now I would like to defer it. More changes are still coming for #54219. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, small comments. Please do get another approval, I'm not an expert here, barely noob.
src/libraries/System.Net.Security/src/System/Net/Security/SslCertificateTrust.cs
Show resolved
Hide resolved
src/libraries/System.Net.Security/src/System/Net/Security/SslCertificateTrust.cs
Show resolved
Hide resolved
mono build failures are independent. |
related to #54219
This adds approved API and uses provided certificate for managing trust.
I assume we don't need anything beyond chain.ChainPolicy.TrustMode, right @bartonjs?
This also adds support for sending Distinguished Names on Windows.
The caveat is that it depends on registry setting as well as very new Windows builds.
So testing is problematic and I did some manual preliminary test.