-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X509Chain build does not work for OCSP only certificate for .Net 3.1 on Linux #79212
Comments
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones Issue DetailsDescriptionWhen using below code snippet to build the chain for a valid certificate:
It works as expected in Windows, however that returned below error on Linux
The certificate did not have CRL but with OCSP:
Reproduction StepsDetails included in the project zip file. Expected behaviorThe chain build operation should return success. Actual behaviorThe chain build action returns below error:
Regression?No response Known WorkaroundsNo response Configurationdotnet --info.NET Core SDK (reflecting any global.json): Runtime Environment: Host (useful for support): .NET Core SDKs installed: .NET Core runtimes installed: Other informationNo response
|
I cannot reproduce this with this line:
But the zip project does not have that line, so I assume the steps to reproduce does not use the I can reproduce this in .NET Core 3.1, but not 6.0 or 7.0. .NET Core 3.1 should support OCSP. I would however point out that .NET Core 3.1 is going out-of-support in 8 days, as of writing. So any possible fix identified is unlikely to be serviced in to .NET Core 3.1. The most straightforward way to address this is to move to .NET Core 6 or 7, depending on your preference for LTS or STS. Can you confirm if the issue is resolved for you with .NET 6 or 7? |
This issue has been marked |
Thanks @vcsjones , confirmed that the issue is resolved in .NET 6
|
Given that .NET Core 3.1 went out of support today, and it's working as expected for .NET 6 and .NET 7, I think it makes sense to close this out. Please re-open the issue, or create a new one, if you believe there is an issue with a supported version of .NET. |
Description
When using below code snippet to build the chain for a valid certificate:
It works as expected in Windows, however that returned below error on Linux
The certificate did not have CRL but with OCSP:
Reproduction Steps
Details included in the project zip file.
OcspOnlyX509ChainBuild.zip
Expected behavior
The chain build operation should return success.
Actual behavior
The chain build action returns below error:
Regression?
No response
Known Workarounds
No response
Configuration
dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 3.1.403
Commit: 9e895200cd
Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
Base Path: /usr/share/dotnet/sdk/3.1.403/
Host (useful for support):
Version: 3.1.9
Commit: 774fc3d6a9
.NET Core SDKs installed:
3.1.403 [/usr/share/dotnet/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.App 3.1.9 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.9 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Other information
No response
The text was updated successfully, but these errors were encountered: