Implement https connection support for the managed HttpListener

[Priya91]

This requires a mechanism to get the ssl certificate info to use on the port of httplistener connection.

Possible solutions:

• Expose an API that gets the cert filename on Unix and throws PNSE on Windows.
• Create a tool to maintain/create/delete httplistener certs, mimicking windows httpcfg.

Current behavior:

• Connections drop on https.

[CIPop]

/cc @davidsh @DavidGoll
@Priya91 on Mono, HttpListener is searching for certs in a hardcoded path: https://github.com/mono/mono/blob/3f779475e3fc982e312212d5dbbd86515eddfc0c/mcs/class/System/System.Net/HttpListener.Mono.cs#L64
(also see this Stack Overflow discussion).

I couldn't find any documentation on how this could be achieved on Xamarin.

[Priya91]

@CIPop Yes, that's the second bullet in the description. We could re-use the dotnet crypto cert-store for this purpose, similar to mono, instead the hardcoded path here will be some custom dotnet path.

[DavidGoll]

@davidsh Document this as a compat issue for UWP6.0. This will require significant design for a cross-plat implementation.

[davidsh]

Added documentation to https://github.com/dotnet/corefx/wiki/ApiCompat

[dabretin]

Any news on this ?

[m5x]

It would be great if it was possible to supply the certificate as a stream. It would remove additional steps that are required on each OS to install the certficate and at the same time it would allow developers to control themselves how and where is the certificate stored.

[tomrus88]

Just add an API that accepts a path to certificate file to use for all OS. We don't need any special tools like httpcfg, this only makes using HttpListener much worse experience. Let developers have full control over certificates (where and how they are stored) without need to use external tools.

[jchristn]

Are there any formal/informal timelines on when we could expect a resolution to this? Or at minimum a reasonable workaround? Thanks!

[freddyrios]

As it stands today the documentation for this class is very misleading https://learn.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=net-7.0.

First, it provides no indication https is only supported on windows. Some people may begin building something with plain http and then face the missing support by the time they were expecting to simply enable https.

Second, it provides no indication the class is soft deprecated.

[RicardoSSB]

Hello,

why not implementing a delegate to let the user decide to use it,

public delegate X509Certificate LoadCertificateAndKeyHandler(IPAddress addr, int port);
    public partial class HttpListener
    {

        public static LoadCertificateAndKeyHandler? LoadCertificateAndKeyHandler { get; set; }
        internal static SslStream CreateSslStream(Stream innerStream, bool ownsStream, RemoteCertificateValidationCallback callback)
        {
            return new SslStream(innerStream, ownsStream, callback);
        }

#pragma warning disable IDE0060
        internal static X509Certificate? LoadCertificateAndKey(IPAddress addr, int port)
        {
            if(LoadCertificateAndKeyHandler!=null) return LoadCertificateAndKeyHandler(addr, port);

            // TODO https://github.com/dotnet/runtime/issues/19752: Implement functionality to read SSL certificate.
            return null;
        }
#pragma warning restore IDE0060
    }

[Cangjier]

啥时候能支持啊....HttpListener挺好用的，如果能支持HTTPS就更加好了。