add more validation to quic config (#56923)
authorTomas Weinfurt <tweinfurt@yahoo.com>
Tue, 10 Aug 2021 04:38:20 +0000 (21:38 -0700)
committerGitHub <noreply@github.com>
Tue, 10 Aug 2021 04:38:20 +0000 (21:38 -0700)
src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs

index aa4c589..2420002 100644 (file)
@@ -36,20 +36,34 @@ namespace System.Net.Quic.Implementations.MsQuic.Internal
         public static SafeMsQuicConfigurationHandle Create(QuicClientConnectionOptions options)
         {
             X509Certificate? certificate = null;
-            if (options.ClientAuthenticationOptions?.ClientCertificates != null)
+
+            if (options.ClientAuthenticationOptions != null)
             {
-                foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
+                if (options.ClientAuthenticationOptions.CipherSuitesPolicy != null)
                 {
-                    try
+                    throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.CipherSuitesPolicy)));
+                }
+
+                if (options.ClientAuthenticationOptions.EncryptionPolicy == EncryptionPolicy.NoEncryption)
+                {
+                    throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.EncryptionPolicy)));
+                }
+
+                if (options.ClientAuthenticationOptions.ClientCertificates != null)
+                {
+                    foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
                     {
-                        if (((X509Certificate2)cert).HasPrivateKey)
+                        try
                         {
-                            // Pick first certificate with private key.
-                            certificate = cert;
-                            break;
+                            if (((X509Certificate2)cert).HasPrivateKey)
+                            {
+                                // Pick first certificate with private key.
+                                certificate = cert;
+                                break;
+                            }
                         }
+                        catch { }
                     }
-                    catch { }
                 }
             }
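Review bot: The bare `catch { }` inside the `foreach` over `ClientCertificates` swallows every exception, including the `InvalidCastException` that `(X509Certificate2)cert` raises for a plain `X509Certificate`, so an unusable certificate is skipped without trace and `certificate` can stay null. Since this commit rejects TLS options the platform cannot honour, the loop could drop the cast with `if (cert is X509Certificate2 { HasPrivateKey: true })` and narrow the handler to `catch (CryptographicException) { }`, ideally with a trace event. It is also worth deciding whether a non-empty `ClientCertificates` collection that yields no certificate with a private key should be reported to the caller instead of falling through. On the `EncryptionPolicy` check, only `NoEncryption` is rejected; if `AllowNoEncryption` is accepted on purpose, a comment such as `// AllowNoEncryption is accepted; only an explicit request for no encryption is rejected` would record that. `Create` continues past the end of this hunk, so how `certificate` is consumed is not visible here.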