
Support TLS Resume with client certificates on Linux #102656

Revert "Add failing test"
This reverts commit 5f30d11.
rzikm committed May 23, 2024
commit c401a27661729b01ad8814d76b3257d53f661948
@@ -2,7 +2,6 @@
// The .NET Foundation licenses this file to you under the MIT license.

using System.IO;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Net.Test.Common;
using System.Security.Authentication;
@@ -116,19 +115,11 @@ public async Task SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTru
}
}
}
public static IEnumerable<object[]> SslProtocolsAndBoolData()
{
foreach (object[] protocol in new SslProtocolSupport.SupportedSslProtocolsTestData())
{
yield return new object[] { protocol[0], true };
yield return new object[] { protocol[0], false };
}
}

[ConditionalTheory(typeof(PlatformDetection), nameof(PlatformDetection.IsNotWindows7))]
[MemberData(nameof(SslProtocolsAndBoolData))]
[ClassData(typeof(SslProtocolSupport.SupportedSslProtocolsTestData))]
public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(
SslProtocols protocol, bool startWithMtls)
SslProtocols protocol)
{
var clientOptions = new SslClientAuthenticationOptions
{
@@ -138,20 +129,18 @@ public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(
TargetHost = Guid.NewGuid().ToString("N")
};

SslStreamCertificateContext context = SslStreamCertificateContext.Create(_serverCertificate, null);

for (int i = 0; i < 5; i++)
{
(SslStream client, SslStream server) = TestHelper.GetConnectedSslStreams();
using (client)
using (server)
{
bool expectMutualAuthentication = (i % 2) == (startWithMtls ? 0 : 1);
bool expectMutualAuthentication = (i % 2) == 0;

var serverOptions = new SslServerAuthenticationOptions
{
ClientCertificateRequired = expectMutualAuthentication,
ServerCertificateContext = context,
ServerCertificate = expectMutualAuthentication ? _serverCertificate : _selfSignedCertificate,
RemoteCertificateValidationCallback = delegate { return true; },
EnabledSslProtocols = protocol
};
@@ -204,6 +193,7 @@ public async Task SslStream_NegotiateClientCertificate_IsMutuallyAuthenticatedCo
ServerCertificateContext = context,
ClientCertificateRequired = false,
EnabledSslProtocols = SslProtocols.Tls12,

});

await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2);
@@ -276,7 +266,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
}
else
{
Assert.Null(server.RemoteCertificate);
Assert.Null(server.RemoteCertificate);
}
};
}
@@ -330,7 +320,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
}
else
{
Assert.Null(server.RemoteCertificate);
Assert.Null(server.RemoteCertificate);
}
};
}
@@ -367,7 +357,7 @@ public async Task SslStream_ResumedSessionsCallbackMaybeSet_IsMutuallyAuthentica

if (expectMutualAuthentication)
{
clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;
clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;
}
else
{
@@ -388,7 +378,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
}
else
{
Assert.Null(server.RemoteCertificate);
Assert.Null(server.RemoteCertificate);
}
};
}
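Review bot: In SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect the restored line `ServerCertificate = expectMutualAuthentication ? _serverCertificate : _selfSignedCertificate,` gives the mTLS and non-mTLS iterations different server certificates, and the `startWithMtls` ordering is gone, so the loop always starts with a client-certificate handshake. As far as the visible lines show, nothing here now covers one shared `SslStreamCertificateContext` reused while `ClientCertificateRequired` flips, which looks like the case where a cached or resumed session could report `IsMutuallyAuthenticated` incorrectly. If the PR does not restore that scenario in a later commit, a comment above the loop would record the gap, for example `// Uses a different server certificate per mode; a shared certificate context with a changing ClientCertificateRequired is not covered here.` The method body continues past the visible hunk, so its assertions are not shown.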