Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avoid allocation of SafeFreeSslCredentials and SafeDeleteSslContext on Linux #69527

Merged
merged 22 commits into from
Aug 15, 2022

Conversation

wfurt
Copy link
Member

@wfurt wfurt commented May 18, 2022

SafeFreeSslCredentials really have no meaning on Linux (unlike Schannel) and we simple drag copy of some properties from sslAuthenticationOptions. The only difference is that we carte copy of certificates handle and key early so it would probably work even if disposed. I moved existing code to AllocateSslContext and we will get the handles when we carte the TLS session.

SafeDeleteSslContext is basically wrapper that only stores reference to another SafeHandle. To avoid that, I made SafeSslHandle subclass from SafeDeleteSslContext so I can use single object. There may be better way to do it. For one, I was thinking about actually merging but the benefits seems same and it would be much bigger change.

@wfurt wfurt added area-System.Net.Security os-linux Linux OS (any supported distro) labels May 18, 2022
@wfurt wfurt requested review from stephentoub and a team May 18, 2022 23:50
@wfurt wfurt self-assigned this May 18, 2022
@ghost
Copy link

ghost commented May 18, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

SafeFreeSslCredentials really have no meaning on Linux (unlike Schannel) and we simple drag copy of some properties from sslAuthenticationOptions. The only difference is that we carte copy of certificates handle and key early so it would probably work even if disposed. I moved existing code to AllocateSslContext and we will get the handles when we carte the TLS session.

SafeDeleteSslContext is basically wrapper that only stores reference to another SafeHandle. To avoid that, I made SafeSslHandle subclass from SafeDeleteSslContext so I can use single object. There may be better way to do it. For one, I was thinking about actually merging but the benefits seems same and it would be much bigger change.

Author: wfurt
Assignees: wfurt
Labels:

area-System.Net.Security, os-linux

Milestone: -


using (SafeX509Handle certHandle = Interop.Crypto.X509UpRef(cert.Handle))
{
SetSslCertificate(contextPtr, certHandle, certKeyHandle);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens to certKeyHandle after this SetSslCertificate call?

@wfurt
Copy link
Member Author

wfurt commented Jun 8, 2022

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@wfurt
Copy link
Member Author

wfurt commented Jul 1, 2022

This is ready for another pass @stephentoub.

Copy link
Member

@stephentoub stephentoub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly looks good, but some SafeHandle-related issues to be addressed before it can be merged.

@wfurt
Copy link
Member Author

wfurt commented Aug 14, 2022

I made updates to address comments @stephentoub. Can you please take another look?

Co-authored-by: Stephen Toub <stoub@microsoft.com>
@wfurt wfurt merged commit 3af3e80 into dotnet:main Aug 15, 2022
@wfurt wfurt deleted the sslContext branch August 15, 2022 23:09
@karelz karelz added this to the 7.0.0 milestone Aug 22, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Sep 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Net.Security os-linux Linux OS (any supported distro)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants