Fix SslServerAuthenticationOptions.ApplicationProtocols empty list error #55447 ...
authorChris Ross <Tratcher@Outlook.com>
Fri, 16 Jul 2021 21:36:53 +0000 (14:36 -0700)
committerGitHub <noreply@github.com>
Fri, 16 Jul 2021 21:36:53 +0000 (14:36 -0700)
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs
src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Unix.cs
src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamAlpnTests.cs

index 9dd310326b0ad3080e8d8789b7b9d59c98eb0bed..73a9d32bb45c84107c4b113463e3c21e8e5047cb 100644 (file)
@@ -160,7 +160,7 @@ internal static partial class Interop
                 GCHandle alpnHandle = default;
                 try
                 {
-                    if (sslAuthenticationOptions.ApplicationProtocols != null)
+                    if (sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0)
                     {
                         if (sslAuthenticationOptions.IsServer)
                         {
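Review bot: The added `Count != 0` term has no comment saying that an empty list is deliberately treated the same as null, and the same two-part test is repeated in the Pal.Android and Pal.OSX SafeDeleteSslContext.cs hunks and in SslStreamPal.Unix.cs. A one-line comment above the condition, for example `// An empty list is treated like null: ALPN is not configured for this connection.`, would record the contract at each site. The practical effect is that a server whose protocol list ends up empty completes handshakes with no ALPN negotiated rather than failing, which matters to callers that rely on ALPN to pin the application protocol. As a style point, the test could be written once as `sslAuthenticationOptions.ApplicationProtocols is { Count: > 0 }`. The enclosing try block continues outside the hunk.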
index 99cb5fa68cf9790fbc9d1b080c8cf16ce9c77360..62f15599c8e08c716dc07526e0ce1926697e14bc 100644 (file)
@@ -235,7 +235,8 @@ namespace System.Net
                 Interop.AndroidCrypto.SSLStreamSetEnabledProtocols(handle, s_orderedSslProtocols.AsSpan(minIndex, maxIndex - minIndex + 1));
             }
 
-            if (authOptions.ApplicationProtocols != null && Interop.AndroidCrypto.SSLSupportsApplicationProtocolsConfiguration())
+            if (authOptions.ApplicationProtocols != null && authOptions.ApplicationProtocols.Count != 0
+                && Interop.AndroidCrypto.SSLSupportsApplicationProtocolsConfiguration())
             {
                 // Set application protocols if the platform supports it. Otherwise, we will silently ignore the option.
                 Interop.AndroidCrypto.SSLStreamSetApplicationProtocols(handle, authOptions.ApplicationProtocols);
index 9b4cef4873dd0e1dd0aeefb2d9c63f8975c53401..18585eeea01e18ef89e19be981f54f33c55dc6d5 100644 (file)
@@ -77,7 +77,7 @@ namespace System.Net
                     }
                 }
 
-                if (sslAuthenticationOptions.ApplicationProtocols != null)
+                if (sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0)
                 {
                     // On OSX coretls supports only client side. For server, we will silently ignore the option.
                     if (!sslAuthenticationOptions.IsServer)
index ed0bcaaccd1b9b0f7a64255eac46fd1b5e8d0ad9..c3b2e7e291e89f6d1da73b453c47697550e03d48 100644 (file)
@@ -171,7 +171,9 @@ namespace System.Net.Security
                 // We have this workaround, as openssl supports terminating handshake only from version 1.1.0,
                 // whereas ALPN is supported from version 1.0.2.
                 SafeSslHandle sslContext = context.SslContext;
-                if (done && sslAuthenticationOptions.IsServer && sslAuthenticationOptions.ApplicationProtocols != null && sslContext.AlpnHandle.IsAllocated && sslContext.AlpnHandle.Target == null)
+                if (done && sslAuthenticationOptions.IsServer
+                    && sslAuthenticationOptions.ApplicationProtocols != null && sslAuthenticationOptions.ApplicationProtocols.Count != 0
+                    && sslContext.AlpnHandle.IsAllocated && sslContext.AlpnHandle.Target == null)
                 {
                     return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, Interop.OpenSsl.CreateSslException(SR.net_alpn_failed));
                 }
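Review bot: The new `ApplicationProtocols.Count != 0` term re-reads the caller-supplied list at handshake completion, although `sslContext.AlpnHandle.IsAllocated` already records whether ALPN was set up when the context was created. If the handle is only allocated inside the guarded block in Interop.OpenSsl.cs (the allocation is outside these hunks, so this is inferred), the extra term is redundant. It also makes the `net_alpn_failed` result depend on the list's state at a later point: a list emptied after setup would skip the failure for a handshake in which no protocol was selected. Consider keying the check on the handle state alone, `if (done && sslAuthenticationOptions.IsServer && sslContext.AlpnHandle.IsAllocated && sslContext.AlpnHandle.Target == null)`, or add a comment explaining why the list is consulted again here.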
index 7848c01e9f0d854227f9f2f6d8db058c4c396640..1d288e2ba8ae85135fac9a1bbadd139ffa717b3c 100644 (file)
@@ -211,8 +211,12 @@ namespace System.Net.Security.Tests
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11 }, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, null };
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, null };
                 yield return new object[] { null, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, null };
+                yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, new List<SslApplicationProtocol>(), null };
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, null, null };
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11 }, new List<SslApplicationProtocol> { SslApplicationProtocol.Http2 }, null };
+                yield return new object[] { new List<SslApplicationProtocol>(), new List<SslApplicationProtocol>(), null };
+                yield return new object[] { null, new List<SslApplicationProtocol>(), null };
+                yield return new object[] { new List<SslApplicationProtocol>(), null, null };
                 yield return new object[] { null, null, null };
             }
             else
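Review bot: The four empty-list rows added here are added again in the `else` branch in the next hunk, because the two branches list the same input pairs and differ only in the expected value. Each new case therefore has to be written twice, and the two lists can drift apart unnoticed. Building the input pairs once and computing the expected value per branch would keep them in step. A short comment naming the three columns would also help, since the rows are positional and the member that consumes them is outside the hunk.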
@@ -221,7 +225,11 @@ namespace System.Net.Security.Tests
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11 }, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, BackendSupportsAlpn ? SslApplicationProtocol.Http11 : default };
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, BackendSupportsAlpn ? SslApplicationProtocol.Http11 : default };
                 yield return new object[] { null, new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, default(SslApplicationProtocol) };
+                yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, new List<SslApplicationProtocol>(), default(SslApplicationProtocol) };
                 yield return new object[] { new List<SslApplicationProtocol> { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, null, default(SslApplicationProtocol) };
+                yield return new object[] { new List<SslApplicationProtocol>(), new List<SslApplicationProtocol>(), default(SslApplicationProtocol) };
+                yield return new object[] { null, new List<SslApplicationProtocol>(), default(SslApplicationProtocol) };
+                yield return new object[] { new List<SslApplicationProtocol>(), null, default(SslApplicationProtocol) };
                 yield return new object[] { null, null, default(SslApplicationProtocol) };
             }
         }