authorStephen Halter <halter73@gmail.com>2020-08-05 18:28:13 +0300
committerStephen Halter <halter73@gmail.com>2020-08-05 18:28:13 +0300
commit94e9d3fd3b91ce69bc7356b466af9d3ad6dddfa5 (patch)
treefe2afc140e6e3a962767138334272ae6ed923e50
parentddfed3e4ab46e9f28577027a27c0a53e6ee7cb93 (diff)
Try some new thingshalter73/15144-test
-rw-r--r--src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs62
-rw-r--r--src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs1
2 files changed, 41 insertions, 22 deletions
diff --git a/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs b/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
index 16e28edfc4..2a08c90a7d 100644
--- a/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
+++ b/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
using Microsoft.AspNetCore.Server.Kestrel.Core.Internal;
+using Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
@@ -46,6 +47,13 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
private readonly HttpsOptionsCallback _httpsOptionsCallback;
private readonly object _httpsOptionsCallbackState;
+ public HttpsConnectionMiddleware(Func<ConnectionContext, string, X509Certificate2> func)
+ {
+ _options = new HttpsConnectionAdapterOptions();
+ _serverCertificate = new X509Certificate2();
+ _serverCertificateSelector = func;
+ }
+
public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapterOptions options)
: this(next, options, loggerFactory: NullLoggerFactory.Instance)
{
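Review bot: The added `HttpsConnectionMiddleware(Func<ConnectionContext, string, X509Certificate2> func)` constructor never assigns `_next`, `_logger` or `_sslStreamFactory`, which the other constructors in this file set, so an instance built this way will presumably fail with a null reference as soon as it handles a connection. It also sets both a certificate and a selector, although the existing comment further down says `// SslStream doesn't allow both.`, and the empty `new X509Certificate2()` never goes through `EnsureCertificateIsAllowedForServerAuth`. If this constructor exists only for the test, make it `internal`, leave `_serverCertificate` null and guard the argument: `_serverCertificateSelector = func ?? throw new ArgumentNullException(nameof(func));`. A one-line comment stating that it is a test hook and which fields are deliberately left unset would stop it being used as a production entry point.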
@@ -68,33 +76,43 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
_logger = loggerFactory.CreateLogger<HttpsConnectionMiddleware>();
// Something like the following should work allowing the removal of HttpsConnectionAdapterOptions-specific code paths, but there's an SslStream bug when "ClientCertificateRequired = true" on Windows. :(
- //var sniOptionsSelector = new SniOptionsSelector("", new Dictionary<string, SniConfig> { { "*", new SniConfig() } }, new NoopCertificateConfigLoader(), options, options.HttpProtocols, _logger);
- //_httpsOptionsCallback = SniOptionsSelector.OptionsCallback;
- //_httpsOptionsCallbackState = sniOptionsSelector;
- //_sslStreamFactory = s => new SslStream(s);
+ var sniOptionsSelector = new SniOptionsSelector("", new Dictionary<string, SniConfig> { { "*", new SniConfig() } }, new NoopCertificateConfigLoader(), options, options.HttpProtocols, _logger);
+ _httpsOptionsCallback = SniOptionsSelector.OptionsCallback;
+ _httpsOptionsCallbackState = sniOptionsSelector;
+ _sslStreamFactory = s => new SslStream(s);
- _options = options;
- _options.HttpProtocols = ValidateAndNormalizeHttpProtocols(_options.HttpProtocols, _logger);
+ //_options = options;
+ //_options.HttpProtocols = ValidateAndNormalizeHttpProtocols(_options.HttpProtocols, _logger);
- // capture the certificate now so it can't be switched after validation
- _serverCertificate = options.ServerCertificate;
- _serverCertificateSelector = options.ServerCertificateSelector;
+ //// capture the certificate now so it can't be switched after validation
+ //_serverCertificate = options.ServerCertificate;
+ //_serverCertificateSelector = options.ServerCertificateSelector;
- // If a selector is provided then ignore the cert, it may be a default cert.
- if (_serverCertificateSelector != null)
- {
- // SslStream doesn't allow both.
- _serverCertificate = null;
- }
- else
- {
- EnsureCertificateIsAllowedForServerAuth(_serverCertificate);
- }
+ //// If a selector is provided then ignore the cert, it may be a default cert.
+ //if (_serverCertificateSelector != null)
+ //{
+ // // SslStream doesn't allow both.
+ // _serverCertificate = null;
+ //}
+ //else
+ //{
+ // EnsureCertificateIsAllowedForServerAuth(_serverCertificate);
+ //}
+
+ //var remoteCertificateValidationCallback = _options.ClientCertificateMode == ClientCertificateMode.NoCertificate ?
+ // (RemoteCertificateValidationCallback)null : RemoteCertificateValidationCallback;
+
+ //_sslStreamFactory = s => new SslStream(s, leaveInnerStreamOpen: false, userCertificateValidationCallback: remoteCertificateValidationCallback);
+ }
- var remoteCertificateValidationCallback = _options.ClientCertificateMode == ClientCertificateMode.NoCertificate ?
- (RemoteCertificateValidationCallback)null : RemoteCertificateValidationCallback;
+ private class NoopCertificateConfigLoader : ICertificateConfigLoader
+ {
+ public bool SkipValidation => false;
- _sslStreamFactory = s => new SslStream(s, leaveInnerStreamOpen: false, userCertificateValidationCallback: remoteCertificateValidationCallback);
+ public X509Certificate2 LoadCertificate(CertificateConfig certInfo, string endpointName)
+ {
+ return null;
+ }
}
internal HttpsConnectionMiddleware(
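Review bot: With the options-based path commented out, this constructor no longer calls `EnsureCertificateIsAllowedForServerAuth(_serverCertificate)` or `ValidateAndNormalizeHttpProtocols`, and `_sslStreamFactory = s => new SslStream(s)` drops the `userCertificateValidationCallback`, so the server-certificate usage check and `ClientCertificateMode` enforcement now depend entirely on `SniOptionsSelector`, whose body is not shown here. Confirm that the selector applies both, and that it copes with `NoopCertificateConfigLoader.LoadCertificate` returning null for the `"*"` entry, before this leaves the test branch; otherwise client certificates may be accepted or skipped differently from the configured mode. The comment above the block still says this approach hits an SslStream bug when `ClientCertificateRequired = true` on Windows, which no longer matches code that is now live. Delete the commented-out block rather than keeping it beside the replacement, since the history already preserves it. The constructor begins outside this hunk, so its signature and earlier assignments are not visible here.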
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
index f1d13ed7e3..3134bcc358 100644
--- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
+++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
@@ -180,6 +180,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.InMemory.FunctionalTests
// Not to mention this is equivalent to the test above.
ClientCertificateRequired = true,
RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true,
+ CertificateRevocationCheckMode = X509RevocationMode.NoCheck
}), state: null, HttpsConnectionAdapterOptions.DefaultHandshakeTimeout);
}