Update CertificateLoader.cs #50474
Update CertificateLoader.cs #50474
Conversation
simon-curtis
requested review from
BrennanConroy,
JamesNK,
Tratcher,
halter73 and
mgravell
as code owners
ghost
added
area-networking
|
Thanks for your PR, @simon-curtis. Someone from the team will get assigned to your PR shortly and we'll get it reviewed. |
|
I imagine the team would want a test to be added for this if the change is taken 😃 |
|
I would tend to agree, but how do you provide a unit test for something to environment specific? I.e. there aren't any tests covering this now. |
It's possible we have a way to mock the store. Let me see if I can find a test that does that (there may not be one). |
|
This looks correct to me, but let's see if we can figure out a way to test this. |
|
Re-running the tests, since the failure is unrelated. |
|
There's one test in HttpsConnectionMiddlewareTests, but it's not great. Given that the original PR didn't add a test and the fix seems self-explanatory (after making it a named argument 😉), I can live without one, assuming there's been some manual validation. @halter73 @martincostello If you happen to know how to add test coverage for this, feel free to jump in. |
simon-curtis
force-pushed
the
patch-1
branch
2 times, most recently
from
e3e3061 to
28567c9
Compare
|
Im just trying to load the solution up in Rider, and oh boy it's taking a while. Is it just the |
The check for exact match to certificate subject fails as the `forIssuer` flag is set to true. This returns the `issuer` and not the `subject` this means that if two certificates have a partial match, it will just select the first one that has the search value in the name. [https://github.com/dotnet/aspnetcore/issues/49062](https://github.com/dotnet/aspnetcore/issues/49062)
simon-curtis
force-pushed
the
patch-1
branch
from
7f80556 to
4d012a9
Compare
simon-curtis
left a comment
simon-curtis
left a comment
There was a problem hiding this comment.
Change flag to named argument
|
@amcasey can you do a manual test for this change? |
Don't forget about Codespaces. 😉 |
|
Sorry, it took me a little while to remember how to create certs with just the right properties. LGTM |
|
Any remaining concerns @Tratcher? |
|
@Tratcher Anyway this could be back ported to .NET 8? We only use LTS versions and I would not like to have to continue to have the workaround @simon-curtis mentioned in #49062 until .NET 10. |
|
Hi @dan-olsen. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context. |
|
@dan-olsen it looks like the regression happened in 6.0 (#34582). Given the availability of a workaround, and so few reports of the issue, it's unlikely to qualify for an 8.0 patch. If this is a significant blocker for you, please open a new issue and explain why. |
6 participants
CertificateLoader loading wrong certificate
Fixes certificate selection by subject name
Description
The check for exact match to certificate subject fails as the
forIssuerflag is set to true. This returns theissuerand not thesubjectthis means that if two certificates have a partial match, it will just select the first one that has the search value in the name.Fixes #49062 (in this specific format)