-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add X509 SAN extension and RFC6125 MatchesHostname #72304
Conversation
Note regarding the This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change. |
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones Issue DetailsFixes #22699.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And OidLookup.NoFallback.cs needs to be updated to make macOS happy.
....Security.Cryptography.X509Certificates/tests/ExtensionsTests/SubjectAlternativeNameTests.cs
Show resolved
Hide resolved
....Security.Cryptography.X509Certificates/tests/ExtensionsTests/SubjectAlternativeNameTests.cs
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography.X509Certificates/tests/MatchesHostnameTests.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography.X509Certificates/tests/MatchesHostnameTests.cs
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
Outdated
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Show resolved
Hide resolved
Should this PR be |
I went ahead and marked it as such, since the EKU check can be done by X509Chain. There's probably still room for ease of use there, but I'll let it come back as a separate proposal. |
....Security.Cryptography.X509Certificates/tests/ExtensionsTests/SubjectAlternativeNameTests.cs
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography.X509Certificates/tests/MatchesHostnameTests.cs
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography.X509Certificates/tests/MatchesHostnameTests.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography.X509Certificates/tests/MatchesHostnameTests.cs
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Outdated
Show resolved
Hide resolved
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
Outdated
Show resolved
Hide resolved
* Clarify the position on SRV-ID and URI-ID matching in API docs and tests * Add some more IPv6 tests * Delete a now-redundant test * Change a dead if to an assert.
Fixes #22699.
Fixes #59870.