Avoid rooting X509Certificate2 in SslSessionCache (dotnet#101120)
* Avoid rooting X509Certificate2 in SslSessionCache

* Update src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs

Co-authored-by: campersau <buchholz.bastian@googlemail.com>

---------

Co-authored-by: campersau <buchholz.bastian@googlemail.com>
2 people authored and matouskozak committed Apr 30, 2024
1 parent 711b268 commit 229567d
Showing 3 changed files with 3 additions and 5 deletions.
Expand Up @@ -335,13 +335,12 @@ internal sealed class SafeFreeCredential_SECURITY : SafeFreeCredentials
{
#pragma warning disable 0649
// This is used only by SslStream but it is included elsewhere
public X509Certificate? LocalCertificate;
public bool HasLocalCertificate;
#pragma warning restore 0649
public SafeFreeCredential_SECURITY() : base() { }

protected override bool ReleaseHandle()
{
LocalCertificate?.Dispose();
return Interop.SspiCli.FreeCredentialsHandle(ref _handle) == 0;
}
}
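Review bot: The new `HasLocalCertificate` field has no comment of its own; the one above it ("This is used only by SslStream but it is included elsewhere") was written for the certificate field it replaces and does not say what the flag means or who sets it. I would add `// True when these credentials were acquired with a local certificate. The handle keeps no reference to the certificate and does not dispose it.` The same gap applies to the `handle.HasLocalCertificate = true;` assignment in `AcquireCredentialsHandle`, where the removed copy comment leaves the line unexplained; a short why-comment there (a bool is stored so the cached handle does not keep the certificate alive) would help. Because it remains a public mutable field, it is also worth stating that it is written once at acquisition and only read afterwards, if that is the intent.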
Expand Up @@ -105,7 +105,7 @@ internal static bool IsLocalCertificateUsed(SafeFreeCredentials? _credentialsHan
// This is TLS Resumed session. Windows can fail to query the local cert bellow.
// Instead, we will determine the usage form used credentials.
SafeFreeCredential_SECURITY creds = (SafeFreeCredential_SECURITY)_credentialsHandle!;
return creds.LocalCertificate != null;
return creds.HasLocalCertificate;
}

SafeFreeCertContext? localContext = null;
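Review bot: In the resumed-session branch, `return creds.HasLocalCertificate;` reports that the credentials were acquired with a certificate, not that a certificate was presented on this connection, and the comment above it does not say so. Callers that treat the result as client-authentication state would benefit from that being explicit, e.g. `// Resumed TLS session: Windows can fail to query the local cert below, so report whether the credentials were acquired with one.` The cast on `_credentialsHandle!` is followed by a dereference, so a null handle here would surface as a NullReferenceException; whether that can occur is not visible in this hunk. `IsLocalCertificateUsed` continues past the end of the hunk.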
Expand Up @@ -233,8 +233,7 @@ public static SafeFreeCredentials AcquireCredentialsHandle(SslAuthenticationOpti
if (newCredentialsRequested && sslAuthenticationOptions.CertificateContext != null)
{
SafeFreeCredential_SECURITY handle = (SafeFreeCredential_SECURITY)cred;
// We need to create copy to avoid Disposal issue.
handle.LocalCertificate = new X509Certificate2(sslAuthenticationOptions.CertificateContext.TargetCertificate);
handle.HasLocalCertificate = true;
}

return cred;