Http/3 client certificates #35308
Merged
Http/3 client certificates #35308
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
wtgodbe
reviewed
Aug 12, 2021
src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
Outdated
Show resolved
Hide resolved
wtgodbe
reviewed
Aug 12, 2021
JamesNK
reviewed
Aug 12, 2021
Comment on lines
+32
to
+33
| // httpsOptions.ClientCertificateMode = ClientCertificateMode.AllowCertificate; | ||
| // httpsOptions.AllowAnyClientCertificate(); |
There was a problem hiding this comment.
I left them intentionally for anyone working with client certs.
src/Servers/Kestrel/test/Interop.FunctionalTests/Http3/Http3TlsTests.cs
Outdated
Show resolved
Hide resolved
src/Servers/Kestrel/test/Interop.FunctionalTests/Http3/Http3TlsTests.cs
Outdated
Show resolved
Hide resolved
| { | ||
| httpsOptions.ServerCertificate = TestResources.GetTestCertificate(); | ||
| httpsOptions.ClientCertificateMode = mode; | ||
| // httpsOptions.AllowAnyClientCertificate(); // The self-signed cert is invalid. Let it fail the default checks. |
There was a problem hiding this comment.
This is the only line that's different from the prior test so I wanted to call it out rather than delete it.
src/Servers/Kestrel/test/Interop.FunctionalTests/Http3/Http3TlsTests.cs
Outdated
Show resolved
Hide resolved
Comment on lines
+9
to
+10
| // Console.WriteLine("Ready"); | ||
| // Console.ReadKey(); |
There was a problem hiding this comment.
Yeah, these are useful if you try to debug the Http3SampleApp. You either have to start the client first and then debug the server, or start both with debugging enabled on the server, and this pause lets you wait until the server is ready.
JamesNK
approved these changes
Aug 12, 2021
amcasey
added
area-networking
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributes to #34858
They happy path works well, you can ask for a certificate, validate it, and consume it.
The unhappy path is very unhappy.