Avoid frequent calls to CertificateValidationPal.IsLocalCertificateUs…
…ed (dotnet#100513)

* Avoid frequent calls to CertificateValidationPal.IsLocalCertificateUsed

* Code review feedback
rzikm authored and matouskozak committed Apr 30, 2024
1 parent d811c59 commit d275fdb
Showing 2 changed files with 24 additions and 1 deletion.
Expand Up @@ -360,6 +360,9 @@ private async Task ForceAuthenticationAsync<TIOAdapter>(bool receiveFirst, byte[
}

token.ReleasePayload();

// reset the cached flag which has potentially outdated value.
_localClientCertificateUsed = -1;
}

if (NetEventSource.Log.IsEnabled())
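Review bot: The reset `_localClientCertificateUsed = -1;` runs only when this block completes normally, and the hunk shows it on this one handshake path only. If any other path can complete a renegotiation or replace the security context without passing through here (not visible in this hunk), the cached answer would survive it and `LocalClientCertificate` could report a certificate that was not presented in the current session; that is worth confirming, ideally with a test that reads the property before and after a renegotiation. The comment could also state the reason, e.g. `// a completed handshake (including renegotiation) can change whether the client certificate was sent; drop the cached answer`. ForceAuthenticationAsync starts and ends outside the hunk.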
Expand Up @@ -57,6 +57,9 @@ internal static bool DisableTlsResume
private X509Certificate2? _remoteCertificate;
private bool _remoteCertificateExposed;

// -1 for uninitialized, 0 for false, 1 for true, should be accessed via IsLocalClientCertificateUsed property
private int _localClientCertificateUsed = -1;

// These are the MAX encrypt buffer output sizes, not the actual sizes.
private int _headerSize = 5; //ATTN must be set to at least 5 by default
private int _trailerSize = 16;
Expand All @@ -82,11 +85,28 @@ internal X509Certificate? LocalServerCertificate
}
}

// IsLocalCertificateUsed is expensive, but it does not change during the lifetime of the SslStream except for renegotiation, so we
// can cache the value.
private bool IsLocalClientCertificateUsed
{
get
{
if (_localClientCertificateUsed == -1)
{
_localClientCertificateUsed = CertificateValidationPal.IsLocalCertificateUsed(_credentialsHandle, _securityContext!)
? 1
: 0;
}

return _localClientCertificateUsed == 1;
}
}

internal X509Certificate? LocalClientCertificate
{
get
{
if (_selectedClientCertificate != null && CertificateValidationPal.IsLocalCertificateUsed(_credentialsHandle, _securityContext!))
if (_selectedClientCertificate != null && IsLocalClientCertificateUsed)
{
return _selectedClientCertificate;
}
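Review bot: The check-then-set in the `IsLocalClientCertificateUsed` getter is a plain int read and write with no synchronization against the reset to -1 in the handshake path. If a getter call that began before a renegotiation finished stores its result after that reset, the cache would hold a value computed from the old context, and `LocalClientCertificate` would keep returning it to callers that may use it for logging or authorization. Whether that interleaving can happen depends on threading guarantees that are not visible here. If concurrent reads are not supported, the field comment should say so, e.g. `// not synchronized: must not be read concurrently with a handshake or renegotiation, which resets it to -1`. The `LocalClientCertificate` getter continues outside the hunk.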