Fail on startup for Http/2 HTTPS on Mac #11061 (#11120)

* Use automatic resx #11054
dotnet · Jun 13, 2019 · 82d2b4f · 82d2b4f
1 parent 3bf09d8
commit 82d2b4f
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 2,377 deletions.
diff --git a/src/ProjectTemplates/test/GrpcTemplateTest.cs b/src/ProjectTemplates/test/GrpcTemplateTest.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Templates.Test.Helpers;
 using Xunit;
@@ -37,16 +38,38 @@ public async Task GrpcTemplate()
 
             using (var serverProcess = Project.StartBuiltProjectAsync())
             {
-                Assert.False(
-                    serverProcess.Process.HasExited,
-                    ErrorMessages.GetFailedProcessMessageOrEmpty("Run built service", Project, serverProcess.Process));
+                // These templates are HTTPS + HTTP/2 only which is not supported on Mac due to missing ALPN support.
+                // https://github.com/aspnet/AspNetCore/issues/11061
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+                {
+                    Assert.True(serverProcess.Process.HasExited, "built");
+                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on OSX due to missing ALPN support.",
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run built service", Project, serverProcess.Process));
+                }
+                else
+                {
+                    Assert.False(
+                        serverProcess.Process.HasExited,
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run built service", Project, serverProcess.Process));
+                }
             }
 
             using (var aspNetProcess = Project.StartPublishedProjectAsync())
             {
-                Assert.False(
-                    aspNetProcess.Process.HasExited,
-                    ErrorMessages.GetFailedProcessMessageOrEmpty("Run published service", Project, aspNetProcess.Process));
+                // These templates are HTTPS + HTTP/2 only which is not supported on Mac due to missing ALPN support.
+                // https://github.com/aspnet/AspNetCore/issues/11061
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+                {
+                    Assert.True(aspNetProcess.Process.HasExited, "published");
+                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on OSX due to missing ALPN support.",
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run published service", Project, aspNetProcess.Process));
+                }
+                else
+                {
+                    Assert.False(
+                        aspNetProcess.Process.HasExited,
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run published service", Project, aspNetProcess.Process));
+                }
             }
         }
     }

diff --git a/src/Servers/Kestrel/Core/src/CoreStrings.resx b/src/Servers/Kestrel/Core/src/CoreStrings.resx
@@ -605,4 +605,7 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
   <data name="RequestTrailersNotAvailable" xml:space="preserve">
     <value>The request trailers are not available yet. They may not be available until the full request body is read.</value>
   </data>
+  <data name="HTTP2NoTlsOsx" xml:space="preserve">
+    <value>HTTP/2 over TLS is not supported on OSX due to missing ALPN support.</value>
+  </data>
 </root>
diff --git a/src/Servers/Kestrel/Core/src/Internal/HttpsConnectionAdapter.cs b/src/Servers/Kestrel/Core/src/Internal/HttpsConnectionAdapter.cs
@@ -5,17 +5,18 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Net.Security;
+using System.Runtime.InteropServices;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Connections;
 using Microsoft.AspNetCore.Connections.Features;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.AspNetCore.Server.Kestrel.Core.Adapter.Internal;
 using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
 using Microsoft.Extensions.Logging;
-using Microsoft.AspNetCore.Http.Features;
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
 {
@@ -41,6 +42,12 @@ public HttpsConnectionAdapter(HttpsConnectionAdapterOptions options, ILoggerFact
                 throw new ArgumentNullException(nameof(options));
             }
 
+            // This configuration will always fail per-request, preemptively fail it here. See HttpConnection.SelectProtocol().
+            if (options.HttpProtocols == HttpProtocols.Http2 && RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+            {
+                throw new NotSupportedException(CoreStrings.HTTP2NoTlsOsx);
+            }
+
             // capture the certificate now so it can't be switched after validation
             _serverCertificate = options.ServerCertificate;
             _serverCertificateSelector = options.ServerCertificateSelector;