Previously X509ChainPolicy would always allocate its collections, but now it lazily allocates them. However, X509Chain.Build is forcing them to be allocated even when they're not needed. Stop doing that.
Commit migrated from https://github.com/dotnet/corefx/commit/
5b8fe73971fb7885fa7afc08ceec28df9a695a23
systemTrusted.DisposeAll();
downloaded.DisposeAll();
- // Candidate certs which came from extraStore should NOT be disposed, since they came
- // from outside.
- var extraStoreByReference = new HashSet<X509Certificate2>(
- ReferenceEqualityComparer<X509Certificate2>.Instance);
-
- foreach (X509Certificate2 extraCert in extraStore)
+ if (extraStore == null || extraStore.Count == 0)
{
- extraStoreByReference.Add(extraCert);
+ // There were no extraStore certs, so everything can be disposed.
+ foreach (X509Certificate2 candidate in candidates)
+ {
+ candidate.Dispose();
+ }
}
-
- foreach (X509Certificate2 candidate in candidates)
+ else
{
- if (!extraStoreByReference.Contains(candidate))
+ // Candidate certs which came from extraStore should NOT be disposed, since they came
+ // from outside.
+ var extraStoreByReference = new HashSet<X509Certificate2>(
+ ReferenceEqualityComparer<X509Certificate2>.Instance);
+
+ foreach (X509Certificate2 extraCert in extraStore)
{
- candidate.Dispose();
+ extraStoreByReference.Add(extraCert);
+ }
+
+ foreach (X509Certificate2 candidate in candidates)
+ {
+ if (!extraStoreByReference.Contains(candidate))
+ {
+ candidate.Dispose();
+ }
}
}
}
}
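Review bot: The emptiness test `extraStore == null || extraStore.Count == 0` added here reappears in inverted form (`extraStore != null && extraStore.Count > 0`) where `storesToCheck` is built in the following hunk, so the rule that null means "no caller-supplied certificates" is now spelled out twice. Because this branch decides whether caller-owned certificates are spared from `Dispose()`, I would state the contract once in a comment at the parameter's first use, for example `// extraStore may be null: X509ChainPolicy allocates it lazily, and null is treated the same as empty.` The enclosing method starts and ends outside this hunk, so whether both tests sit in the same method cannot be told from here.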
- X509Certificate2Collection[] storesToCheck =
+ X509Certificate2Collection[] storesToCheck;
+ if (extraStore != null && extraStore.Count > 0)
{
- extraStore,
- userMyCerts,
- userIntermediateCerts,
- systemIntermediateCerts,
- userRootCerts,
- systemRootCerts,
- };
+ storesToCheck = new[]
+ {
+ extraStore,
+ userMyCerts,
+ userIntermediateCerts,
+ systemIntermediateCerts,
+ userRootCerts,
+ systemRootCerts,
+ };
+ }
+ else
+ {
+ storesToCheck = new[]
+ {
+ userMyCerts,
+ userIntermediateCerts,
+ systemIntermediateCerts,
+ userRootCerts,
+ systemRootCerts,
+ };
+ }
while (toProcess.Count > 0)
{
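Review bot: The five fixed stores are now listed twice, once in each branch, and nothing ties the two array initializers together. Judging by the name `storesToCheck`, these arrays decide which stores are searched and in what order, so an edit applied to only one of them would make the search differ depending on whether the caller supplied an extra store. A comment above the `if`, such as `// Both arrays must stay identical apart from the leading extraStore entry.`, would guard against that drift. The enclosing method is only partly visible in this hunk.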
_pal = ChainPal.BuildChain(
_useMachineContext,
certificate.Pal,
- chainPolicy.ExtraStore,
- chainPolicy.ApplicationPolicy,
- chainPolicy.CertificatePolicy,
+ chainPolicy._extraStore,
+ chainPolicy._applicationPolicy,
+ chainPolicy._certificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.VerificationTime,
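Review bot: `ChainPal.BuildChain` now receives `_extraStore`, `_applicationPolicy` and `_certificatePolicy` straight from the backing fields, which, going by the commit description, can be null when the caller never touched the corresponding properties. Only the extra-store null handling is visible in this commit; no matching guard for the two policy OID collections appears in the hunks shown. Every `ChainPal` implementation therefore has to treat null exactly like an empty collection, otherwise the application-policy or certificate-policy check could throw or behave differently from before. A comment at the call, e.g. `// These may be null (lazily allocated); BuildChain must treat null as empty.`, plus a test that builds a chain with an untouched `X509ChainPolicy`, would pin that. The call continues past the end of the hunk.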
private X509RevocationMode _revocationMode;
private X509RevocationFlag _revocationFlag;
private X509VerificationFlags _verificationFlags;
- private OidCollection _applicationPolicy;
- private OidCollection _certificatePolicy;
- private X509Certificate2Collection _extraStore;
+ internal OidCollection _applicationPolicy;
+ internal OidCollection _certificatePolicy;
+ internal X509Certificate2Collection _extraStore;
public X509ChainPolicy()
{
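Review bot: Widening the three backing fields from `private` to `internal` lets any code in the assembly read or replace the collections without going through the properties, and the declarations carry no comment saying the fields may be null. If direct field access is kept, document it on the declarations, e.g. `// Null until first requested through the property; read directly by X509Chain.Build to avoid forcing allocation.` An alternative is to keep the fields private and expose internal read-only accessors that return the field without allocating. The class body continues outside the hunk.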