Fix | Exclude unsupported protocols #1168

Merged
merged 8 commits into from
Aug 23, 2021
6 changes: 6 additions & 0 deletions BUILDGUIDE.md
Expand Up @@ -257,6 +257,12 @@ To use this feature, you must enable the following AppContext switch at applicat

**"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior"**

## Enabling OS secure protocols preference

Tls 1.3 has been taken out in view of the fact that the driver lacks full support. To jump back on the OS preferences as same as earlier, you must enable the following AppContext switch on application's startup:

**"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS"**

## Debugging SqlClient on Linux from Windows

For enhanced developer experience, we support debugging SqlClient on Linux from Windows, using the project "**Microsoft.Data.SqlClient.DockerLinuxTest**" that requires "Container Tools" to be enabled in Visual Studio. You may import configuration: [VS19Components.vsconfig](./tools/vsconfig/VS19Components.vsconfig) if not enabled already.
Expand Up @@ -264,7 +264,7 @@ internal struct SNI_Error
private static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
private static extern uint SNIInitialize([In] IntPtr pmo);
private static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
private static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
Expand Down Expand Up @@ -340,7 +340,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP

internal static uint SNIInitialize()
{
return SNIInitialize(IntPtr.Zero);
return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero);
}

internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo)
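Review bot: The new `bool enableSecureProtocolsByOS` parameter at line 61 relies on the default P/Invoke marshaling for `bool`, which is a 4-byte Win32 BOOL; if the native SNIInitialize declares a 1-byte C++ `bool` the two layouts differ, so the marshaling should be stated explicitly, `[In, MarshalAs(UnmanagedType.U1)] bool enableSecureProtocolsByOS` (or `UnmanagedType.Bool` if the native side takes BOOL). The same declaration recurs in the X64/X86 wrappers and the dispatching wrapper (lines 153, 164, 175). The added parameter also changes the native ABI, so this managed build is presumably bound to a native SNI build with the matching signature — an older native library would read the flag in the slot where it expects `pmo` — and that coupling is not visible in this PR, so a short comment on the declaration naming the required native signature would help the next maintainer.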
Expand Up @@ -3,6 +3,7 @@
// See the LICENSE file in the project root for more information.

using System;
using System.Security.Authentication;

namespace Microsoft.Data.SqlClient.SNI
{
Expand All @@ -11,6 +12,16 @@ namespace Microsoft.Data.SqlClient.SNI
/// </summary>
internal abstract class SNIHandle
{
/// <summary>
/// Exclude Tls 1.3 (not fully supported).
/// </summary>
protected readonly SslProtocols SupportedProtocols = LocalAppContextSwitches.EnableSecureProtocolsByOS ? SslProtocols.None : SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls
//protected readonly SslProtocols SupportedProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls
#pragma warning disable CS0618 // Type or member is obsolete
| SslProtocols.Ssl2 | SslProtocols.Ssl3
#pragma warning restore CS0618 // Type or member is obsolete
;

/// <summary>
/// Dispose class
/// </summary>
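Review bot: The non-OS branch of `SupportedProtocols` at lines 93–98 explicitly opts into `SslProtocols.Ssl2 | SslProtocols.Ssl3`, which the `SslProtocols.None` (OS policy) branch would leave disabled on current platforms; passing an explicit list to `AuthenticateAsClient` makes the driver rather than the OS the party enabling those protocols, so a server that still offers them can negotiate below TLS 1.0. Since the stated goal is only to exclude TLS 1.3, the list can stop at `SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls` and drop the `#pragma` block, and the commented-out alternative at line 94 should be removed rather than kept. Whether `SslStream` on non-Windows platforms accepts Ssl2/Ssl3 in the enabled set without throwing is not visible here and is worth confirming. The summary should also state the fallback list, e.g. `/// TLS 1.0–1.2 unless the EnableSecureProtocolsByOS switch defers protocol selection to the OS; TLS 1.3 is excluded because the driver does not fully support it.`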
Expand Up @@ -355,8 +355,7 @@ public override uint EnableSsl(uint options)
_validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0;
try
{

_sslStream.AuthenticateAsClient(_targetServer);
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true);
_sslOverTdsStream.FinishHandshake();
}
catch (AuthenticationException aue)
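Review bot: The new call at line 111 passes `checkCertificateRevocation: true`, whereas the single-argument `AuthenticateAsClient(string)` overload it replaces passes `false`, so this hunk also turns on certificate revocation checking — a behavior change the PR title does not mention, which can add CRL/OCSP fetch latency or fail handshakes in environments without access to the revocation endpoints. If that is unintended, `_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, false);` preserves the previous behavior; if it is intended, it should be called out in BUILDGUIDE.md alongside the new switch. The SNINpHandle hunk at line 124 makes the same change. `EnableSsl` starts outside the hunk.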
Expand Up @@ -587,7 +587,7 @@ public override uint EnableSsl(uint options)

try
{
_sslStream.AuthenticateAsClient(_targetServer);
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true);
_sslOverTdsStream.FinishHandshake();
}
catch (AuthenticationException aue)
Expand Up @@ -421,14 +421,10 @@ internal override uint WaitForSSLHandShakeToComplete(out int protocolVersion)
protocolVersion = (int)SslProtocols.Ssl2;
#pragma warning restore CS0618 // Type or member is obsolete : SSL is depricated
}
else if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
else //if (nativeProtocol.HasFlag(NativeProtocols.SP_PROT_NONE))
{
protocolVersion = (int)SslProtocols.None;
}
else
{
throw new ArgumentException(StringsHelper.Format(StringsHelper.net_invalid_enum, nameof(NativeProtocols)), nameof(NativeProtocols));
}
return returnValue;
}

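Review bot: The bare `else` at line 135 now maps every native protocol value that matched none of the earlier branches to `SslProtocols.None`, where the removed branch threw `ArgumentException` for an unrecognized value, so an unknown or future `NativeProtocols` flag is reported as "no protocol" with no diagnostic. If the throw was removed because it was unreachable (it would be, if `SP_PROT_NONE` is the zero member, since `HasFlag(0)` is always true), say so in place of the commented-out condition, e.g. `else // SP_PROT_NONE, or a value this mapping does not recognize`. Otherwise a trace-level log in that branch would keep the signal without throwing. `WaitForSSLHandShakeToComplete` starts outside the hunk.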
Expand Up @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX64
internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")]
internal static extern uint SNIInitialize([In] IntPtr pmo);
internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
Expand Up @@ -89,7 +89,7 @@ internal static class SNINativeManagedWrapperX86
internal static extern uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapper.QTypes QType, out ProviderEnum provNum);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIInitialize")]
internal static extern uint SNIInitialize([In] IntPtr pmo);
internal static extern uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo);

[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
internal static extern uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn);
Expand Up @@ -585,11 +585,11 @@ private static uint SNIGetInfoWrapper([In] SNIHandle pConn, SNINativeMethodWrapp
SNINativeManagedWrapperX86.SNIGetInfoWrapper(pConn, QType, out provNum);
}

private static uint SNIInitialize([In] IntPtr pmo)
private static uint SNIInitialize([In] bool enableSecureProtocolsByOS, [In] IntPtr pmo)
{
return s_is64bitProcess ?
SNINativeManagedWrapperX64.SNIInitialize(pmo) :
SNINativeManagedWrapperX86.SNIInitialize(pmo);
SNINativeManagedWrapperX64.SNIInitialize(enableSecureProtocolsByOS, pmo) :
SNINativeManagedWrapperX86.SNIInitialize(enableSecureProtocolsByOS, pmo);
}

private static uint SNIOpenSyncExWrapper(ref SNI_CLIENT_CONSUMER_INFO pClientConsumerInfo, out IntPtr ppConn)
Expand Down Expand Up @@ -757,7 +757,7 @@ internal static uint SniGetConnectionIPString(SNIHandle pConn, ref string connIP

internal static uint SNIInitialize()
{
return SNIInitialize(IntPtr.Zero);
return SNIInitialize(LocalAppContextSwitches.EnableSecureProtocolsByOS, IntPtr.Zero);
}

internal static unsafe uint SNIOpenMarsSession(ConsumerInfo consumerInfo, SNIHandle parent, ref IntPtr pConn, bool fSync, SqlConnectionIPAddressPreference ipPreference, SQLDNSInfo cachedDNSInfo)
Expand Up @@ -13,11 +13,13 @@ internal static partial class LocalAppContextSwitches
private const string TypeName = nameof(LocalAppContextSwitches);
internal const string MakeReadAsyncBlockingString = @"Switch.Microsoft.Data.SqlClient.MakeReadAsyncBlocking";
internal const string LegacyRowVersionNullString = @"Switch.Microsoft.Data.SqlClient.LegacyRowVersionNullBehavior";
internal const string EnableSecureProtocolsByOSString = @"Switch.Microsoft.Data.SqlClient.EnableSecureProtocolsByOS";
// safety switch
internal const string EnableRetryLogicSwitch = "Switch.Microsoft.Data.SqlClient.EnableRetryLogic";

private static bool _makeReadAsyncBlocking;
private static bool? s_LegacyRowVersionNullBehavior;
private static bool? s_EnableSecureProtocolsByOS;
private static bool? s_isRetryEnabled = null;

#if !NETFRAMEWORK
Expand Down Expand Up @@ -70,15 +72,29 @@ public static bool LegacyRowVersionNullBehavior
{
if (s_LegacyRowVersionNullBehavior is null)
{
bool value = false;
if (AppContext.TryGetSwitch(LegacyRowVersionNullString, out bool providedValue))
{
value = providedValue;
}
s_LegacyRowVersionNullBehavior = value;
bool result;
result = AppContext.TryGetSwitch(LegacyRowVersionNullString, out result) ? result : false;
s_LegacyRowVersionNullBehavior = result;
}
return s_LegacyRowVersionNullBehavior.Value;
}
}

/// <summary>
/// For backward compatibility, this switch can be on to jump back on OS preferences.
/// </summary>
public static bool EnableSecureProtocolsByOS
{
get
{
if (s_EnableSecureProtocolsByOS is null)
{
bool result;
result = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out result) ? result : false;
s_EnableSecureProtocolsByOS = result;
}
return s_EnableSecureProtocolsByOS.Value;
}
}
}
}
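Review bot: In the `EnableSecureProtocolsByOS` getter at lines 237–238, `result = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out result) ? result : false;` reuses `result` as both the out argument and the ternary's value, and the ternary is redundant because `TryGetSwitch` sets its out argument to false whenever the switch is absent; `s_EnableSecureProtocolsByOS = AppContext.TryGetSwitch(EnableSecureProtocolsByOSString, out bool result) && result;` reads as one line. The rewritten `LegacyRowVersionNullBehavior` getter at lines 220–222 has the same shape. The summary at line 229 could say what the switch selects rather than "jump back on OS preferences", e.g. `/// When enabled, TLS protocol selection is left to the OS (SslProtocols.None) instead of the driver's explicit list; off by default.` The lazy caching into a `bool?` is not synchronized, which is harmless here because every writer stores the same value — worth a one-line comment so nobody adds a lock later.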