Fix disposing root X.509 certificate prematurely for OCSP stapling (#82116)
author Kevin Jones <kevin@vcsjones.com>
Fri, 17 Feb 2023 00:34:41 +0000 (19:34 -0500)
committer GitHub <noreply@github.com>
Fri, 17 Feb 2023 00:34:41 +0000 (16:34 -0800)
commit 9e6f1721a06c3ec5c55f3a798e7de64fac177f56
tree df950254cf1840053e7255366b4e8147c35662cd
parent c108266e9b10deb7ca3fb92ac90a6016b5f04f03

In SslStreamCertificateContext, don't dispose of the root cert if it's about to be handed to the AddRootCert PAL call,
which was the high-level cause of a segfault when handling certificate chains of length 2 in OCSP Stapling on Linux.

This change additionally guards against disposed certificates in the OCSP Stapling retriever (disabling the feature
instead of segfaulting), and adds tests to ensure that we don't regress 2-cert chains in the future.

src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs
src/libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.Linux.cs
src/libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.cs
src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationRemoteServer.cs