Unify certificate chain building between SslStream and WinHttpHandler #115761
Conversation
dotnet-policy-service
bot
added
the
linkable-framework
Co-authored-by: liveans <[email protected]>
Co-authored-by: liveans <[email protected]>
SslStream and WinHttpHandler
|
/azp run runtime-libraries-coreclr outerloop-windows |
|
Azure Pipelines successfully started running 1 pipeline(s). |
jkotas
added
area-System.Net.Http
and removed
linkable-framework
|
Tagging subscribers to this area: @dotnet/ncl |
liveans
left a comment
liveans
left a comment
There was a problem hiding this comment.
@copilot Seems like code has unnecessary trailing/leading whitespaces, which causes build failures.
Also, you should be aware that WinHttpHandler is shared code between .NET and .NET Framework, and some of the APIs we're currently using Marshal.GetLastPInvokeError in Common\System\Net\Security\CertificateValidation.Windows.cs which doesn't exist on .NET Framework, we might need to do some changes here.
src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpRequestCallback.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpRequestCallback.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: liveans <[email protected]>
Fixed the whitespace issues in be4a4e4. Removed trailing spaces and reformatted the code to maintain consistent style. Regarding the .NET Framework compatibility, I understand that we may need additional changes to handle the Warning Firewall rules blocked me from connecting to one or more addressesI tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Please address this issue as well, be aware that current usage should not change for .NET, we should only handle this case for .NET Framework. |
Co-authored-by: liveans <[email protected]>
Added conditional compilation in c6a5f9d to handle the Warning Firewall rules blocked me from connecting to one or more addressesI tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeX509Certificates.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: krwq <[email protected]>
...tem.Net.Http.WinHttpHandler/tests/UnitTests/System.Net.Http.WinHttpHandler.Unit.Tests.csproj
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeX509Certificates.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: liveans <[email protected]>
|
/azp run runtime-libraries-coreclr outerloop-windows |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/ba-g Cancelled jobs (failed according to build analysis) are linux, although this change is windows only. Unrelated failures. |
|
Outerloop failures are also unrelated. |
…#115761) * Initial plan for issue * Update WinHttpRequestCallback to use CertificateValidation Co-authored-by: liveans <[email protected]> * Remove unused WinHttpCertificateHelper.cs file Co-authored-by: liveans <[email protected]> * Fix formatting issues in WinHttpRequestCallback.cs Co-authored-by: liveans <[email protected]> * Fix compatibility with .NET Framework by using GetLastWin32Error Co-authored-by: liveans <[email protected]> * Fix FakeX509Certificates.cs to clarify empty namespace Co-authored-by: krwq <[email protected]> * Remove unnecessary code per review comments Co-authored-by: liveans <[email protected]> --------- Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: liveans <[email protected]> Co-authored-by: krwq <[email protected]>
This PR unifies the certificate chain building logic between
SslStreamandWinHttpHandlerby replacing the duplicate implementation inWinHttpCertificateHelper.cswith the shared implementation fromCertificateValidation.Windows.cs.Changes
WinHttpCertificateHelper.cswhich contained duplicate certificate chain building logicWinHttpRequestCallback.csto use the shared implementation inCertificateValidation.BuildChainAndVerifyPropertiesCertificateValidation.Windows.csThis change makes the codebase more consistent, reduces duplication, and simplifies future maintenance of certificate validation logic.
Fixes #113468.
Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
dc.services.visualstudio.com/home/REDACTED/work/runtime/runtime/.dotnet/dotnet msbuild /m /nologo /clp:Summary /v:minimal /nr:true /warnaserror /p:TreatWarningsAsErrors=true /p:ContinuousIntegrationBuild=false /home/REDACTED/work/runtime/runtime/artifacts/toolset/restore.proj /t:__WriteToolsetLocation /clp:ErrorsOnly;NoSummary /p:__ToolsetLocationOutputFile=/home/REDACTED/work/runtime/runtime/artifacts/toolset/10.0.0-beta.25260.104.txt(dns block)pkgs.dev.azure.com/home/REDACTED/work/runtime/runtime/.dotnet/dotnet msbuild /m /nologo /clp:Summary /v:minimal /nr:true /warnaserror /p:TreatWarningsAsErrors=true /p:ContinuousIntegrationBuild=false /home/REDACTED/work/runtime/runtime/artifacts/toolset/restore.proj /t:__WriteToolsetLocation /clp:ErrorsOnly;NoSummary /p:__ToolsetLocationOutputFile=/home/REDACTED/work/runtime/runtime/artifacts/toolset/10.0.0-beta.25260.104.txt(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.