github.com/mono/corefx.git
author: Jeremy Barton <jbarton@microsoft.com> 2017-05-18 20:44:01 +0300
committer: GitHub <noreply@github.com> 2017-05-18 20:44:01 +0300
commit: e70fd2b05b8ce309042dc24e74ebe2a4318524d6
tree: 471efa91c8fc008a131a359b998b9fceeb0ec466 /Documentation
parent: 86f08b4298b651bdf22dc427d8d4231a43a7ada1
Make all X509Store.Open exceptions be CryptographicException. (#19844)
The platform limitations are now CryptographicException(PlatformNotSupportedException) instead of PNSE. This should restore some user expectation around the exception model, given that the call to Open can be delayed from the call to an X509Store .ctor. This also softens the exceptions from the Disallowed store on Linux to let empty reads succeed; only writes and pre-populated data will fail. Updated the X509Store table in the xplat crypto doc.
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/project-docs/cross-platform-cryptography.md | 25
1 files changed, 13 insertions, 12 deletions
diff --git a/Documentation/project-docs/cross-platform-cryptography.md b/Documentation/project-docs/cross-platform-cryptography.md
index 24182a18c3..2d2e9a9b1d 100644
--- a/Documentation/project-docs/cross-platform-cryptography.md
+++ b/Documentation/project-docs/cross-platform-cryptography.md
@@ -213,26 +213,27 @@ On macOS the X509Store class is a projection of system trust decisions (read-onl
| Open CurrentUser\My (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open CurrentUser\My (ReadWrite) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Open CurrentUser\My (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: |
-| Open LocalMachine\My | :white_check_mark: | `PlatformNotSupportedException` | :white_check_mark: |
+| Open LocalMachine\My | :white_check_mark: | `CryptographicException` | :white_check_mark: |
| Open CurrentUser\Root (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| Open CurrentUser\Root (ReadWrite) | :white_check_mark: | :white_check_mark: | `PlatformNotSupportedException` |
+| Open CurrentUser\Root (ReadWrite) | :white_check_mark: | :white_check_mark: | `CryptographicException` |
| Open CurrentUser\Root (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
| Open LocalMachine\Root (ReadOnly) | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| Open LocalMachine\Root (ReadWrite) | :white_check_mark: | `PlatformNotSupportedException` | `PlatformNotSupportedException` |
+| Open LocalMachine\Root (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
| Open LocalMachine\Root (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
-| Open CurrentUser\Disallowed (ReadOnly) | :white_check_mark: | :question: | `PlatformNotSupportedException` |
-| Open CurrentUser\Disallowed (ReadWrite) | :white_check_mark: | :question: | `PlatformNotSupportedException` |
-| Open CurrentUser\Disallowed (ExistingOnly) | :white_check_mark: | :question: | `PlatformNotSupportedException` |
-| Open LocalMachine\Disallowed (ReadOnly) | :white_check_mark: | :question: | `PlatformNotSupportedException` |
-| Open LocalMachine\Disallowed (ReadWrite) | :white_check_mark: | :question: | `PlatformNotSupportedException` |
-| Open LocalMachine\Disallowed (ExistingOnly) | :white_check_mark: | :question: | `PlatformNotSupportedException`) |
+| Open CurrentUser\Disallowed (ReadOnly) | :white_check_mark: | :question: | :white_check_mark: |
+| Open CurrentUser\Disallowed (ReadWrite) | :white_check_mark: | :question: | `CryptographicException` |
+| Open CurrentUser\Disallowed (ExistingOnly) | :white_check_mark: | :question: | :white_check_mark: (if ReadOnly) |
+| Open LocalMachine\Disallowed (ReadOnly) | :white_check_mark: | `CryptographicException` | :white_check_mark: |
+| Open LocalMachine\Disallowed (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
+| Open LocalMachine\Disallowed (ExistingOnly) | :white_check_mark: | `CryptographicException` | :white_check_mark: (if ReadOnly) |
| Open non-existant store (ExistingOnly) | `CryptographicException` | `CryptographicException` | `CryptographicException` |
-| Open CurrentUser non-existant store (ReadWrite) | :white_check_mark: | :white_check_mark: | `PlatformNotSupportedException` |
-| Open LocalMachine non-existant store (ReadWrite) | :white_check_mark: | `PlatformNotSupportedException` | `PlatformNotSupportedException` |
+| Open CurrentUser non-existant store (ReadWrite) | :white_check_mark: | :white_check_mark: | `CryptographicException` |
+| Open LocalMachine non-existant store (ReadWrite) | :white_check_mark: | `CryptographicException` | `CryptographicException` |
On Linux stores are created on first-write, and no user stores exist by default, so opening CurrentUser\My with ExistingOnly may fail.
-On Linux the Disallowed store is not used in chain building, and attempting to open it will result in a `PlatformNotSupportedException` being thrown.
+On Linux the Disallowed store is not used in chain building, and attempting to add contents to it will result in a `CryptographicException` being thrown.
+A `CryptographicException` will be thrown when opening the Disallowed store on Linux if it has already acquired contents.
The LocalMachnie\Root store on Linux is an interpretation of the CA bundle in the default path for OpenSSL.
The LocalMachine\Intermediate store on Linux is an interpretation of the CA bundle in the default path for OpenSSL.
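Review bot: The Disallowed (ReadOnly) rows now show an unconditional :white_check_mark: in the last column, but the sentence added near the end of the hunk says opening the Disallowed store on Linux throws `CryptographicException` once it has acquired contents. If that last column is Linux, as the commit message implies, qualify those cells (for example ":white_check_mark: (if empty)") so the table and the prose agree. The commit message also says the new exception wraps a `PlatformNotSupportedException`; naming that inner exception in the prose would let callers tell a platform limitation apart from another cryptographic failure. The middle column of the LocalMachine\Disallowed rows changes from :question: to `CryptographicException` without a mention in the commit message, so a line explaining it would help. While these lines are being touched, "non-existant" in the changed rows and "LocalMachnie\Root" in the trailing context could be corrected to "non-existent" and "LocalMachine\Root".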