Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

[release/2.1] Ignore CTRequired when building an X509 chain on macOS #35590

Merged
wtgodbe merged 1 commit into from
Mar 7, 2019
Merged

[release/2.1] Ignore CTRequired when building an X509 chain on macOS #35590

wtgodbe merged 1 commit into from
Mar 7, 2019

Conversation

@bartonjs
Copy link
Member

@bartonjs bartonjs commented Feb 26, 2019
edited by karelz
Loading

Port #35246 to release/2.1 to prevent the new "CTRequired" errors from failing X509Chain builds on macOS.

Description

Recent change to macOS has caused a new error code to appear during X509Chain building. Since this error code has been identified as not having impact on the .NET X509Chain class, ignore it.

Customer Impact

Without this fix, customers who upgrade their macOS version and build X509Chains against certificates/certificate-authorities which result in the CTRequired code will get a CryptographicException due to the unmapped error.

Regression?

No, reaction to OS update.

Packaging reviewed?

Required shim library, no packaging impact.

Risk

Minimal

Fixes #35224

@bartonjs bartonjs added this to the 2.1.x milestone Feb 26, 2019
@bartonjs bartonjs self-assigned this Feb 26, 2019
safern
safern approved these changes Feb 26, 2019
View reviewed changes
Copy link
Member

@safern safern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@danmoseley danmoseley added the Servicing-consider Issue for next servicing release review label Feb 26, 2019
danmoseley
danmoseley reviewed Feb 26, 2019
View reviewed changes
src/Native/Unix/System.Security.Cryptography.Native.Apple/pal_x509chain.cpp
}
else if (CFEqual(keyString, CFSTR("NonEmptySubject")) || CFEqual(keyString, CFSTR("GrayListedKey")))
else if (CFEqual(keyString, CFSTR("NonEmptySubject")) || CFEqual(keyString, CFSTR("GrayListedKey")) ||
CFEqual(keyString, CFSTR("CTRequired")))
Copy link
Member

@danmoseley danmoseley Feb 26, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth a comment indicating what CTRequired actually means, now you've satisfied yourself that it's not relevant to us.

@vivmishra vivmishra added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 26, 2019
@vivmishra vivmishra modified the milestones: 2.1.x, 2.1.10 Feb 26, 2019
@vivmishra
Copy link

vivmishra commented Feb 26, 2019

Approved for 2.1.10 and 2.2.4.
Wait for branch to open.

@wtgodbe wtgodbe merged commit 85727d5 into dotnet:release/2.1 Mar 7, 2019
@bartonjs bartonjs deleted the port_ignore_ctrequired branch March 18, 2019 18:28
@bartonjs bartonjs removed their assignment Apr 5, 2019
@danmoseley danmoseley mentioned this pull request Apr 30, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@danmoseley danmoseley danmoseley approved these changes

@stephentoub stephentoub stephentoub approved these changes

@safern safern safern approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-System.Security Servicing-approved Approved for servicing release

Projects

None yet

Milestone

2.1.10

Development

Successfully merging this pull request may close these issues.

6 participants

@bartonjs @vivmishra @stephentoub @danmoseley @safern @wtgodbe