Skip to content

Commit

Permalink
Fix | Skip the CRL check during authenticaiton (dotnet#1559)
Browse files Browse the repository at this point in the history
Co-authored-by: Davoud Eshtehari <v-daesht@microsoft.com>
  • Loading branch information
DavoudEshtehari and Davoud Eshtehari committed Aug 11, 2022
1 parent 7cf5286 commit 6402ca3
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 20 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ public override uint EnableSsl(uint options)
_validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0;
try
{
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true);
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, false);
_sslOverTdsStream.FinishHandshake();
}
catch (AuthenticationException aue)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -578,27 +578,29 @@ private static async void ParallelConnectHelper(
/// </summary>
public override uint EnableSsl(uint options)
{
_validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0;

try
{
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, true);
_sslOverTdsStream.FinishHandshake();
}
catch (AuthenticationException aue)
using (TrySNIEventScope.Create(nameof(SNIHandle)))
{
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.ERR, "Connection Id {0}, Authentication exception occurred: {1}", args0: _connectionId, args1: aue?.Message);
return ReportTcpSNIError(aue, SNIError.CertificateValidationErrorCode);
}
catch (InvalidOperationException ioe)
{
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.ERR, "Connection Id {0}, Invalid Operation Exception occurred: {1}", args0: _connectionId, args1: ioe?.Message);
return ReportTcpSNIError(ioe);
}
_validateCert = (options & TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE) != 0;
try
{
_sslStream.AuthenticateAsClient(_targetServer, null, SupportedProtocols, false);
_sslOverTdsStream.FinishHandshake();
}
catch (AuthenticationException aue)
{
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.ERR, "Connection Id {0}, Authentication exception occurred: {1}", args0: _connectionId, args1: aue?.Message);
return ReportTcpSNIError(aue, SNIError.CertificateValidationErrorCode);
}
catch (InvalidOperationException ioe)
{
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.ERR, "Connection Id {0}, Invalid Operation Exception occurred: {1}", args0: _connectionId, args1: ioe?.Message);
return ReportTcpSNIError(ioe);
}

_stream = _sslStream;
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.INFO, "Connection Id {0}, SSL enabled successfully.", args0: _connectionId);
return TdsEnums.SNI_SUCCESS;
_stream = _sslStream;
SqlClientEventSource.Log.TrySNITraceEvent(nameof(SNITCPHandle), EventType.INFO, "Connection Id {0}, SSL enabled successfully.", args0: _connectionId);
return TdsEnums.SNI_SUCCESS;
}
}

/// <summary>
Expand Down

0 comments on commit 6402ca3

Please sign in to comment.