Skip to content

Commit

Permalink
Revert "throw PNSE for unsupported SSL options in Quic. (#55877)"
Browse files Browse the repository at this point in the history 
This reverts commit b2107c5.
  • Loading branch information
@karelz
karelz authored Jul 21, 2021
1 parent a2f2a62 commit dd2804f
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 46 deletions.
3 changes: 0 additions & 3 deletions src/libraries/System.Net.Quic/src/Resources/Strings.resx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,8 +150,5 @@
<data name="net_quic_writing_notallowed" xml:space="preserve">
<value>Writing is not allowed on stream.</value>
</data>
<data name="net_quic_ssl_option" xml:space="preserve">
<value>The '{0}' is not supported by System.Net.Quic.</value>
</data>
</root>

53 changes: 10 additions & 43 deletions ....Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,39 +36,20 @@ protected override bool ReleaseHandle()
public static unsafe SafeMsQuicConfigurationHandle Create(QuicClientConnectionOptions options)
{
X509Certificate? certificate = null;

if (options.ClientAuthenticationOptions != null)
if (options.ClientAuthenticationOptions?.ClientCertificates != null)
{
if (options.ClientAuthenticationOptions.CipherSuitesPolicy != null)
{
throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.CipherSuitesPolicy)));
}

if (options.ClientAuthenticationOptions.EncryptionPolicy == EncryptionPolicy.NoEncryption)
foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
{
throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.EncryptionPolicy)));
}

if (options.ClientAuthenticationOptions.LocalCertificateSelectionCallback != null)
{
throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.LocalCertificateSelectionCallback)));
}

if (options.ClientAuthenticationOptions.ClientCertificates != null)
{
foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
try
{
try
if (((X509Certificate2)cert).HasPrivateKey)
{
if (((X509Certificate2)cert).HasPrivateKey)
{
// Pick first certificate with private key.
certificate = cert;
break;
}
// Pick first certificate with private key.
certificate = cert;
break;
}
catch { }
}
catch { }
}
}

Expand All @@ -78,23 +59,9 @@ public static unsafe SafeMsQuicConfigurationHandle Create(QuicClientConnectionOp
public static unsafe SafeMsQuicConfigurationHandle Create(QuicListenerOptions options)
{
QUIC_CREDENTIAL_FLAGS flags = QUIC_CREDENTIAL_FLAGS.NONE;

if (options.ServerAuthenticationOptions != null)
if (options.ServerAuthenticationOptions != null && options.ServerAuthenticationOptions.ClientCertificateRequired)
{
if (options.ServerAuthenticationOptions.CipherSuitesPolicy != null)
{
throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ServerAuthenticationOptions.CipherSuitesPolicy)));
}

if (options.ServerAuthenticationOptions.EncryptionPolicy == EncryptionPolicy.NoEncryption)
{
throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ServerAuthenticationOptions.EncryptionPolicy)));
}

if (options.ServerAuthenticationOptions.ClientCertificateRequired)
{
flags |= QUIC_CREDENTIAL_FLAGS.REQUIRE_CLIENT_AUTHENTICATION | QUIC_CREDENTIAL_FLAGS.INDICATE_CERTIFICATE_RECEIVED | QUIC_CREDENTIAL_FLAGS.NO_CERTIFICATE_VALIDATION;
}
flags |= QUIC_CREDENTIAL_FLAGS.REQUIRE_CLIENT_AUTHENTICATION | QUIC_CREDENTIAL_FLAGS.INDICATE_CERTIFICATE_RECEIVED | QUIC_CREDENTIAL_FLAGS.NO_CERTIFICATE_VALIDATION;
}

return Create(options, flags, options.ServerAuthenticationOptions?.ServerCertificate, options.ServerAuthenticationOptions?.ServerCertificateContext, options.ServerAuthenticationOptions?.ApplicationProtocols);
Expand Down

0 comments on commit dd2804f

Please sign in to comment.