Change HttpSys default client cert mode to Allow Cert #14840 (#23162)

This commit is contained in:
Chris Ross 2020-06-19 16:34:56 -07:00 committed by GitHub
parent 724c2e75a7
commit 4d7a79ad64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 3 deletions

View File

@ -333,7 +333,18 @@ namespace Microsoft.AspNetCore.Server.HttpSys
{ {
if (IsNotInitialized(Fields.ClientCertificate)) if (IsNotInitialized(Fields.ClientCertificate))
{ {
_clientCert = await Request.GetClientCertificateAsync(cancellationToken); var method = _requestContext.Server.Options.ClientCertificateMethod;
if (method != ClientCertificateMethod.NoCertificate)
{
// Check if a cert was already available on the connection.
_clientCert = Request.ClientCertificate;
}
if (_clientCert == null && method == ClientCertificateMethod.AllowRenegotation)
{
_clientCert = await Request.GetClientCertificateAsync(cancellationToken);
}
SetInitialized(Fields.ClientCertificate); SetInitialized(Fields.ClientCertificate);
} }
return _clientCert; return _clientCert;

View File

@ -55,11 +55,11 @@ namespace Microsoft.AspNetCore.Server.HttpSys
public RequestQueueMode RequestQueueMode { get; set; } public RequestQueueMode RequestQueueMode { get; set; }
/// <summary> /// <summary>
/// Indicates how client certificates should be populated. The default is to allow renegotation. /// Indicates how client certificates should be populated. The default is to allow a certificate without renegotiation.
/// This does not change the netsh 'clientcertnegotiation' binding option which will need to be enabled for /// This does not change the netsh 'clientcertnegotiation' binding option which will need to be enabled for
/// ClientCertificateMethod.AllowCertificate to resolve a certificate. /// ClientCertificateMethod.AllowCertificate to resolve a certificate.
/// </summary> /// </summary>
public ClientCertificateMethod ClientCertificateMethod { get; set; } = ClientCertificateMethod.AllowRenegotation; public ClientCertificateMethod ClientCertificateMethod { get; set; } = ClientCertificateMethod.AllowCertificate;
/// <summary> /// <summary>
/// The maximum number of concurrent accepts. /// The maximum number of concurrent accepts.