diff --git a/src/libraries/System.Net.Quic/src/Resources/Strings.resx b/src/libraries/System.Net.Quic/src/Resources/Strings.resx
index 061e1647eb8cf..a29352a0578f5 100644
--- a/src/libraries/System.Net.Quic/src/Resources/Strings.resx
+++ b/src/libraries/System.Net.Quic/src/Resources/Strings.resx
@@ -150,8 +150,5 @@
Writing is not allowed on stream.
-
- The '{0}' is not supported by System.Net.Quic.
-
diff --git a/src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs b/src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs
index 96b168977af69..df48e0db377ae 100644
--- a/src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs
+++ b/src/libraries/System.Net.Quic/src/System/Net/Quic/Implementations/MsQuic/Interop/SafeMsQuicConfigurationHandle.cs
@@ -36,39 +36,20 @@ protected override bool ReleaseHandle()
public static unsafe SafeMsQuicConfigurationHandle Create(QuicClientConnectionOptions options)
{
X509Certificate? certificate = null;
-
- if (options.ClientAuthenticationOptions != null)
+ if (options.ClientAuthenticationOptions?.ClientCertificates != null)
{
- if (options.ClientAuthenticationOptions.CipherSuitesPolicy != null)
- {
- throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.CipherSuitesPolicy)));
- }
-
- if (options.ClientAuthenticationOptions.EncryptionPolicy == EncryptionPolicy.NoEncryption)
+ foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
{
- throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.EncryptionPolicy)));
- }
-
- if (options.ClientAuthenticationOptions.LocalCertificateSelectionCallback != null)
- {
- throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ClientAuthenticationOptions.LocalCertificateSelectionCallback)));
- }
-
- if (options.ClientAuthenticationOptions.ClientCertificates != null)
- {
- foreach (var cert in options.ClientAuthenticationOptions.ClientCertificates)
+ try
{
- try
+ if (((X509Certificate2)cert).HasPrivateKey)
{
- if (((X509Certificate2)cert).HasPrivateKey)
- {
- // Pick first certificate with private key.
- certificate = cert;
- break;
- }
+ // Pick first certificate with private key.
+ certificate = cert;
+ break;
}
- catch { }
}
+ catch { }
}
}
@@ -78,23 +59,9 @@ public static unsafe SafeMsQuicConfigurationHandle Create(QuicClientConnectionOp
public static unsafe SafeMsQuicConfigurationHandle Create(QuicListenerOptions options)
{
QUIC_CREDENTIAL_FLAGS flags = QUIC_CREDENTIAL_FLAGS.NONE;
-
- if (options.ServerAuthenticationOptions != null)
+ if (options.ServerAuthenticationOptions != null && options.ServerAuthenticationOptions.ClientCertificateRequired)
{
- if (options.ServerAuthenticationOptions.CipherSuitesPolicy != null)
- {
- throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ServerAuthenticationOptions.CipherSuitesPolicy)));
- }
-
- if (options.ServerAuthenticationOptions.EncryptionPolicy == EncryptionPolicy.NoEncryption)
- {
- throw new PlatformNotSupportedException(SR.Format(SR.net_quic_ssl_option, nameof(options.ServerAuthenticationOptions.EncryptionPolicy)));
- }
-
- if (options.ServerAuthenticationOptions.ClientCertificateRequired)
- {
- flags |= QUIC_CREDENTIAL_FLAGS.REQUIRE_CLIENT_AUTHENTICATION | QUIC_CREDENTIAL_FLAGS.INDICATE_CERTIFICATE_RECEIVED | QUIC_CREDENTIAL_FLAGS.NO_CERTIFICATE_VALIDATION;
- }
+ flags |= QUIC_CREDENTIAL_FLAGS.REQUIRE_CLIENT_AUTHENTICATION | QUIC_CREDENTIAL_FLAGS.INDICATE_CERTIFICATE_RECEIVED | QUIC_CREDENTIAL_FLAGS.NO_CERTIFICATE_VALIDATION;
}
return Create(options, flags, options.ServerAuthenticationOptions?.ServerCertificate, options.ServerAuthenticationOptions?.ServerCertificateContext, options.ServerAuthenticationOptions?.ApplicationProtocols);