throw new NotSupportedException(SR.Format(SR.net_io_invalidnestedcall, nameof(WriteAsync), "write"));
}
- if (_decryptedBytesCount is not 0)
+ try
{
- throw new InvalidOperationException(SR.net_ssl_renegotiate_buffer);
- }
+ if (_decryptedBytesCount is not 0)
+ {
+ throw new InvalidOperationException(SR.net_ssl_renegotiate_buffer);
+ }
+
+ _sslAuthenticationOptions!.RemoteCertRequired = true;
+ _isRenego = true;
- _sslAuthenticationOptions!.RemoteCertRequired = true;
- _isRenego = true;
- try
- {
SecurityStatusPal status = _context!.Renegotiate(out byte[]? nextmsg);
if (nextmsg is {} && nextmsg.Length > 0)
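Review bot: Nothing in the new code says why the `_decryptedBytesCount` check and the `RemoteCertRequired` / `_isRenego` assignments now sit inside the `try`, so a later tidy-up could hoist the guard back out and reintroduce the old behaviour. A one-line comment above the check would pin the intent, for example `// Throw inside the try so the cleanup below still runs and the stream stays usable after a rejected renegotiation.` The `try` body and its `catch`/`finally` continue outside this hunk, so which fields the cleanup resets cannot be confirmed from here. It is worth checking that a failure of `_context!.Renegotiate(...)` does not leave `RemoteCertRequired = true` and `_isRenego = true` set on a session that the caller keeps using.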
using (server)
{
using X509Certificate2 serverCertificate = Configuration.Certificates.GetServerCertificate();
+ using X509Certificate2 clientCertificate = Configuration.Certificates.GetClientCertificate();
SslClientAuthenticationOptions clientOptions = new SslClientAuthenticationOptions()
{
EnabledSslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12,
};
clientOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
+ clientOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
+ {
+ return clientCertificate;
+ };
SslServerAuthenticationOptions serverOptions = new SslServerAuthenticationOptions() { ServerCertificate = serverCertificate };
-
+ serverOptions.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
client.AuthenticateAsClientAsync(clientOptions, cts.Token),
server.AuthenticateAsServerAsync(serverOptions, cts.Token));
await Assert.ThrowsAsync<InvalidOperationException>(()=>
server.NegotiateClientCertificateAsync(cts.Token)
);
+
+ // Drain client data.
+ await server.ReadAsync(new byte[499]);
+ // Verify that the session is usable even renego request failed.
+ await TestHelper.PingPong(client, server, cts.Token);
+ await TestHelper.PingPong(server, client, cts.Token);
}
}
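Review bot: The drain step `await server.ReadAsync(new byte[499]);` passes no cancellation token and ignores the returned byte count, unlike every other awaited call in this block, which uses `cts.Token`. A single `ReadAsync` may return fewer bytes than the buffer holds, so leftover client data could be consumed by the following `PingPong` and fail the test for the wrong reason. If the data never arrives, the read is not bounded by the test's timeout. Consider `int drained = await server.ReadAsync(new byte[499], cts.Token);` followed by an assertion on `drained`, or a loop until the expected count is read. The write that produces these bytes is outside this hunk, so the `499` is presumably the remainder of that payload; a named constant or a short comment would make that relationship explicit.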