-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ignore expiration in NoCallback_RevokedCertificate_NoRevocationChecking_Succeeds test #83157
Conversation
Tagging subscribers to this area: @dotnet/ncl Issue DetailsIt seems like chromium/badssl.com#515 is broken for a while not getting any traction. fixes #77726
|
@@ -228,14 +228,38 @@ public async Task NoCallback_BadCertificate_ThrowsException(string url) | |||
} | |||
|
|||
[OuterLoop("Uses external servers")] | |||
[ActiveIssue("https://github.com/dotnet/runtime/issues/77726")] | |||
[ConditionalFact(nameof(ClientSupportsDHECipherSuites))] | |||
public async Task NoCallback_RevokedCertificate_NoRevocationChecking_Succeeds() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Name of the test now seems not fully correct, as we do have a callback now 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good point. I can make it work without callback - but only for SocketsHttpHandler
as that is the only one exposing SSL options and therefore certificate validation policy.
Or we can just rename the test.
Cast your vote.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a feeling this group of tests starting with "NoCallback_" was supposed to validate HttpClient's default behavior... so can we have both tests? The one without callback for SocketsHttpHandler (which should technically cover HttpClientHandler without callback on platforms where it has SocketsHttpHandler inside), and the one with the callback you've added for general HttpClientHandler?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One way how to solve this is removing dependency on badssl.com
. It may need some more infrastructure changes but perhaps it is better fix.
I'm turning this to draft to explore possibility without |
Draft Pull Request was automatically closed for 30 days of inactivity. Please let us know if you'd like to reopen it. |
Draft Pull Request was automatically closed for 30 days of inactivity. Please let us know if you'd like to reopen it. |
It seems like chromium/badssl.com#515 is broken for a while not getting any traction.
I updated the test to ignore expiration and do all other checks. It should work as well if certificate will get renewed. (and revoked)
fixes #77726