From f275edb3d8ae7ef85ee5773007b17b92aff175a0 Mon Sep 17 00:00:00 2001
From: Tomas Weinfurt
Date: Sun, 17 Jul 2022 07:02:19 -0700
Subject: [PATCH] fix assert in ssl options clone (#72326)
* fix assert in ssl options clone
* add CertificateChainPolicy
* remove extra assert
---
 .../Common/src/System/Net/Security/CertificateHelper.cs | 8 ++++----
 .../Security/SslClientAuthenticationOptionsExtensions.cs | 1 +
 .../src/System/Net/Http/HttpClientHandler.cs | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs b/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs
index 24b323d6f6e14..e2bc4e7c6196c 100644
--- a/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs
+++ b/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs
@@ -13,9 +13,9 @@ internal static partial class CertificateHelper
 {
 private const string ClientAuthenticationOID = "1.3.6.1.5.5.7.3.2";
- internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection candidateCerts)
+ internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection? candidateCerts)
 {
- if (candidateCerts.Count == 0)
+ if (candidateCerts == null || candidateCerts.Count == 0)
 {
 return null;
 }
@@ -26,9 +26,9 @@ internal static partial class CertificateHelper
 return GetEligibleClientCertificate(certs);
 }
- internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
+ internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection? candidateCerts)
 {
- if (candidateCerts.Count == 0)
+ if (candidateCerts == null || candidateCerts.Count == 0)
 {
 return null;
 }
diff --git a/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs b/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
index c6a2a9faf10d2..6986db314b93f 100644
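Review bot: Both `GetEligibleClientCertificate` overloads now treat a null collection exactly like an empty one and return null, but nothing on either method documents that contract. A caller therefore cannot tell "no collection configured" apart from "no eligible certificate found". A one-line doc comment on each overload would make this explicit, e.g. `/// Returns null when candidateCerts is null or empty, or when no certificate in it is eligible for client authentication.` The added guards (here and in the second hunk at -26) could also use `candidateCerts is null`, which is not affected by operator overloads. Both method bodies continue outside the hunks, so the selection logic itself is not visible here.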
--- a/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
+++ b/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
@@ -19,6 +19,7 @@ public static SslClientAuthenticationOptions ShallowClone(this SslClientAuthenti
 AllowRenegotiation = options.AllowRenegotiation,
 ApplicationProtocols = options.ApplicationProtocols != null ? new List(options.ApplicationProtocols) : null,
 CertificateRevocationCheckMode = options.CertificateRevocationCheckMode,
+ CertificateChainPolicy = options.CertificateChainPolicy,
 CipherSuitesPolicy = options.CipherSuitesPolicy,
 ClientCertificates = options.ClientCertificates,
 EnabledSslProtocols = options.EnabledSslProtocols,
diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs b/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs
index 623a7f02efe22..b1946ac433118 100644
--- a/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs
@@ -222,7 +222,7 @@ public ClientCertificateOption ClientCertificateOptions
 #else
 ThrowForModifiedManagedSslOptionsIfStarted();
 _clientCertificateOptions = value;
- _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(ClientCertificates)!;
+ _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(_underlyingHandler.SslOptions.ClientCertificates)!;
 #endif
 break;
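Review bot: The added `CertificateChainPolicy = options.CertificateChainPolicy` copies only the reference, so the clone and the original share one policy object, whereas `ApplicationProtocols` two lines above is copied into a new list. Since `X509ChainPolicy` is mutable, a later change to the caller's policy (trust store, revocation settings) would also change chain validation for connections using the clone. If sharing is intended for a shallow clone, say so on the line, e.g. `// shared by reference, like ClientCertificates; must not be mutated after cloning`. The object initializer starts and ends outside the hunk, so whether other properties are still missing from the clone cannot be checked from here.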
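Review bot: The trailing `!` on the new callback hides that `GetEligibleClientCertificate` returns null whenever `_underlyingHandler.SslOptions.ClientCertificates` is null or empty, a case the nullable parameter added in CertificateHelper.cs in this patch makes explicit. Presumably the handshake then proceeds without a client certificate; a comment above the assignment should state that, e.g. `// May return null: no eligible client certificate is configured, so none is offered to the server.` The lambda also reads `SslOptions.ClientCertificates` at invocation time rather than at assignment, which is worth noting in the same comment if it is intended. The property setter containing this case begins and ends outside the hunk.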