Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SslCertificateTrust is not sent on Windows #65515

Closed
rzikm opened this issue Feb 17, 2022 · 3 comments · Fixed by #65848
Closed

SslCertificateTrust is not sent on Windows #65515

rzikm opened this issue Feb 17, 2022 · 3 comments · Fixed by #65848
Assignees
@wfurt @rzikm
Labels
area-System.Net.Security os-windows test-bug Problem in test source code (most likely)
Milestone
7.0.0

Comments

@rzikm
Copy link
Member

rzikm commented Feb 17, 2022
edited by karelz
Loading

As part of #65195, I added some tests that check if SslCertificateTrust is really sent, and there were consistent CI failures on Windows queues:
@ghost
Copy link

ghost commented Feb 17, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

As part of #65195, I added some tests that check if SslCertificateTrust is really sent, and there were consistent CI failures on Windows queues:

https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-4b9f97d04d6b4ecb81/System.Net.Security.Tests/3/console.5bd1cc96.log?sv=2019-07-07&se=2022-03-09T15%3A17%3A26Z&sr=c&sp=rl&sig=iww1UUesuup%2B31ugO2n1ZwRbA7Pp3d0PtSDkNqP%2FEYg%3D
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-66728b831e7643e3ba/System.Net.Security.Tests/3/console.9f1035c1.log?sv=2019-07-07&se=2022-03-09T15%3A17%3A24Z&sr=c&sp=rl&sig=uDuIR0x98NkvyVcs2OfMvZJmvveWjXQixldBTJ9lp90%3D
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-a48c3bef357a471ea5/System.Net.Security.Tests/3/console.9e8e98d6.log?sv=2019-07-07&se=2022-03-09T15%3A17%3A23Z&sr=c&sp=rl&sig=dqo%2FcqxU9sr%2B9baC4d0K7KZKMIiSH6KS8V6G2gLfusk%3D
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-bf298f95125a4909a9/System.Net.Security.Tests/3/console.29f91467.log?sv=2019-07-07&se=2022-03-09T15%3A17%3A22Z&sr=c&sp=rl&sig=3n7hnEvbWgdAP4ivHzrijPh1%2BdM37oHSYI5O4nM%2BK7A%3D
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-175262edd9694f75ba/System.Net.Security.Tests/3/console.d33e6fdd.log?sv=2019-07-07&se=2022-03-09T15%3A12%3A55Z&sr=c&sp=rl&sig=T%2BilrXiKi5rY%2B1vSoCQ67Xiyq9oCCLAsKF%2BPokiwXbc%3D
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-65195-merge-2a67a1de2b8445c1b1/System.Net.Security.Tests/3/console.b0006061.log?sv=2019-07-07&se=2022-03-09T15%3A12%3A52Z&sr=c&sp=rl&sig=u63vrWifqjh6V%2FBvt1DbP8gePk9gk53IVgS1WJ90BE8%3D

Author: rzikm
Assignees: -
Labels:

area-System.Net.Security, os-windows
Milestone: -

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Feb 17, 2022
@rzikm rzikm mentioned this issue Feb 17, 2022
Merged
@karelz
Copy link
Member

karelz commented Feb 17, 2022

Triage: This requires reg keys set. Those reg keys should not be flipped during test runs.
Also, locally setting the reg keys will break other tests :(

@rzikm @wfurt to add the reg key here and close the issue please.

@karelz karelz added test-bug Problem in test source code (most likely) and removed untriaged New issue has not been triaged by the area owner labels Feb 17, 2022
@karelz karelz added this to the 7.0.0 milestone Feb 17, 2022
@wfurt
Copy link
Member

wfurt commented Feb 17, 2022

This unfortunately requires

As a pre-requisite, the following registry key is set in order for the server to send Trusted Issuer List during TLS handshake. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList is set to 1. Details : https://docs.microsoft.com/en-us/windows-server/security/tls/what-s-new-in-tls-ssl-schannel-ssp-overview

see #45456

@rzikm rzikm mentioned this issue Feb 24, 2022
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Feb 24, 2022
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Mar 16, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Apr 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@wfurt wfurt

@rzikm rzikm

Labels
area-System.Net.Security os-windows test-bug Problem in test source code (most likely)
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

Condition Windows SslCertificateTrust test on Registry value rzikm/dotnet-runtime
3 participants
@karelz @wfurt @rzikm