Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Annotate unsupported APIs in System.Net.Security #57097

Closed
buyaa-n opened this issue Aug 9, 2021 · 4 comments · Fixed by #80717
Closed

Annotate unsupported APIs in System.Net.Security #57097

buyaa-n opened this issue Aug 9, 2021 · 4 comments · Fixed by #80717
Labels
area-System.Net.Security
Milestone
8.0.0

Comments

@buyaa-n
Copy link
Contributor

buyaa-n commented Aug 9, 2021
edited
Loading

As part of #47228 running an analyzer to detect APIs throwing PNSE but have not being annotated with the any of Obsolete, SupportedOSPlatform, UnsupportedOSPlatform attributes, we need to annotate them so that developers get warnings when they use them unexpectedly

API Finding Reachable platforms Comment Suggestion Location
'NegotiateStreamPal.QueryContextClientSpecifiedSpn(SafeDeleteContext)' unconditionally throws PNSE reachable on iOS, OSX, Unix, Android internal API Might need unsupported annotations for these platforms Common\src\System\Net\Security\NegotiateStreamPal.Unix.cs(32,13)
'CipherSuitesPolicyPal.CipherSuitesPolicyPal(IEnumerable)' unconditionally throws PNSE reachable on Windows Internal API used by pulbic constructor CipherSuitesPolicy(IEnumerable allowedCipherSuites) Add Unsupported on windows System.Net.Security\src\System\Net\Security\CipherSuitesPolicyPal.Windows.cs(12,13)
'NegotiateStreamPal.QueryContextAssociatedName(SafeDeleteContext?)' unconditionally throws PNSE reachable on iOS, OSX, Unix, Android internal API Might need unsupported annotations for these platforms System.Net.Security\src\System\Net\Security\NegotiateStreamPal.Unix.cs(37,13)
'SslStreamPal.Renegotiate(ref SafeFreeCredentials?, ref SafeDeleteSslContext?, SslAuthenticationOptions, out byte[]?)' unconditionally throws PNSE reachable on Android unreferenced internal API Might be a dead code, or else add annotations System.Net.Security\src\System\Net\Security\SslStreamPal.Android.cs(50,13)
'SslStreamPal.Renegotiate(ref SafeFreeCredentials?, ref SafeDeleteSslContext?, SslAuthenticationOptions, out byte[]?)' unconditionally throws PNSE reachable on iOS, OSX, tvOS unreferenced internal API Might be a dead code, or else add annotations System.Net.Security\src\System\Net\Security\SslStreamPal.OSX.cs(57,13)

cc @jeffhandley @terrajobst @GrabYourPitchforks
@ghost
Copy link

ghost commented Aug 9, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

As part of #47228 running an analyzer to detect APIs throwing PNSE but have not being annotated with the any of Obsolete, SupportedOSPlatform, UnsupportedOSPlatform attributes, we need to annotate them so that developers get warnings when they use them unexpectedly

API Finding Reachable platforms Comment Suggestion Location
'NegotiateStreamPal.QueryContextClientSpecifiedSpn(SafeDeleteContext)' unconditionally throws PNSE reachable on iOS, OSX, Unix, Android internal API Might need unsupported annotations for these platforms Common\src\System\Net\Security\NegotiateStreamPal.Unix.cs(32,13)
'CipherSuitesPolicyPal.CipherSuitesPolicyPal(IEnumerable)' unconditionally throws PNSE reachable on Windows Internal API used by pulbic constructor CipherSuitesPolicy(IEnumerable allowedCipherSuites) Add Unsupported on windows System.Net.Security\src\System\Net\Security\CipherSuitesPolicyPal.Windows.cs(12,13)
'NegotiateStreamPal.QueryContextAssociatedName(SafeDeleteContext?)' unconditionally throws PNSE reachable on iOS, OSX, Unix, Android internal API Might need unsupported annotations for these platforms System.Net.Security\src\System\Net\Security\NegotiateStreamPal.Unix.cs(37,13)
'SslStreamPal.Renegotiate(ref SafeFreeCredentials?, ref SafeDeleteSslContext?, SslAuthenticationOptions, out byte[]?)' unconditionally throws PNSE reachable on Android Not sure, unreferenced internal API Might be a dead code, or else add annotations System.Net.Security\src\System\Net\Security\SslStreamPal.Android.cs(50,13)
'SslStreamPal.Renegotiate(ref SafeFreeCredentials?, ref SafeDeleteSslContext?, SslAuthenticationOptions, out byte[]?)' unconditionally throws PNSE reachable on iOS, OSX, tvOS Not sure, unreferenced internal API Might be a dead code, or else add annotations System.Net.Security\src\System\Net\Security\SslStreamPal.OSX.cs(57,13)

cc @jeffhandley @terrajobst @GrabYourPitchforks

Author: buyaa-n
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Aug 9, 2021
@wfurt
Copy link
Member

wfurt commented Aug 9, 2021

The Renegotiate shows up as public NegotiateClientCertificateAsync API.

CipherSuitePolicy works on macOS and Linux with certain versions of OpenSSL
https://docs.microsoft.com/en-us/dotnet/api/system.net.security.ciphersuitespolicy.-ctor?view=net-5.0

@ManickaP
Copy link
Member

Triage: @jeffhandley How critical is this for 6.0? This is coming in quite hot, 1 week before ZBB.

@jeffhandley
Copy link
Member

It's OK to punt this out to 7.0.

@ManickaP ManickaP removed the untriaged New issue has not been triaged by the area owner label Aug 10, 2021
@ManickaP ManickaP modified the milestones: 7.0.0, Future Aug 10, 2021
@wfurt wfurt modified the milestones: Future, 8.0.0 Nov 16, 2022
@wfurt wfurt mentioned this issue Jan 16, 2023
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Jan 16, 2023
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Jan 18, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Feb 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net.Security
Projects
None yet
Milestone
8.0.0
Development

Successfully merging a pull request may close this issue.

add unsupported attributes to System.Net.Security wfurt/runtime
4 participants
@jeffhandley @ManickaP @wfurt @buyaa-n