Lower severity of AuthenticationException logs from SslStream handshake (#2614)
This commit is contained in:
parent
b08163d3b7
commit
5ec7bacdfe
|
|
@ -5,6 +5,7 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Net.Security;
|
using System.Net.Security;
|
||||||
|
using System.Security.Authentication;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Threading;
|
using System.Threading;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
|
@ -186,7 +187,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
|
||||||
sslStream.Dispose();
|
sslStream.Dispose();
|
||||||
return _closedAdaptedConnection;
|
return _closedAdaptedConnection;
|
||||||
}
|
}
|
||||||
catch (IOException ex)
|
catch (Exception ex) when (ex is IOException || ex is AuthenticationException)
|
||||||
{
|
{
|
||||||
_logger?.LogDebug(1, ex, CoreStrings.AuthenticationFailed);
|
_logger?.LogDebug(1, ex, CoreStrings.AuthenticationFailed);
|
||||||
sslStream.Dispose();
|
sslStream.Dispose();
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.IO;
|
||||||
using System.Net;
|
using System.Net;
|
||||||
using System.Net.Security;
|
using System.Net.Security;
|
||||||
using System.Net.Sockets;
|
using System.Net.Sockets;
|
||||||
|
|
@ -235,15 +236,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
|
||||||
var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n");
|
var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n");
|
||||||
await sslStream.WriteAsync(request, 0, request.Length);
|
await sslStream.WriteAsync(request, 0, request.Length);
|
||||||
|
|
||||||
// Temporary workaround for a deadlock when reading from an aborted client SslStream on Mac and Linux.
|
await sslStream.ReadAsync(new byte[32], 0, 32);
|
||||||
if (TestPlatformHelper.IsWindows)
|
|
||||||
{
|
|
||||||
await sslStream.ReadAsync(new byte[32], 0, 32);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
await stream.ReadAsync(new byte[32], 0, 32);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -295,15 +288,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
|
||||||
var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n");
|
var request = Encoding.ASCII.GetBytes("GET / HTTP/1.1\r\nHost:\r\n\r\n");
|
||||||
await sslStream.WriteAsync(request, 0, request.Length);
|
await sslStream.WriteAsync(request, 0, request.Length);
|
||||||
|
|
||||||
// Temporary workaround for a deadlock when reading from an aborted client SslStream on Mac and Linux.
|
await sslStream.ReadAsync(new byte[32], 0, 32);
|
||||||
if (TestPlatformHelper.IsWindows)
|
|
||||||
{
|
|
||||||
await sslStream.ReadAsync(new byte[32], 0, 32);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
await stream.ReadAsync(new byte[32], 0, 32);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -415,6 +400,43 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
|
||||||
Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel);
|
Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task ClientAttemptingToUseUnsupportedProtocolIsLoggedAsDebug()
|
||||||
|
{
|
||||||
|
var loggerProvider = new HandshakeErrorLoggerProvider();
|
||||||
|
LoggerFactory.AddProvider(loggerProvider);
|
||||||
|
var hostBuilder = TransportSelector.GetWebHostBuilder()
|
||||||
|
.UseKestrel(options =>
|
||||||
|
{
|
||||||
|
options.Listen(new IPEndPoint(IPAddress.Loopback, 0), listenOptions =>
|
||||||
|
{
|
||||||
|
listenOptions.UseHttps(TestResources.TestCertificatePath, "testPassword");
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.ConfigureServices(AddTestLogging)
|
||||||
|
.Configure(app => app.Run(httpContext => Task.CompletedTask));
|
||||||
|
|
||||||
|
using (var host = hostBuilder.Build())
|
||||||
|
{
|
||||||
|
host.Start();
|
||||||
|
|
||||||
|
using (var socket = await HttpClientSlim.GetSocket(new Uri($"https://127.0.0.1:{host.GetPort()}/")))
|
||||||
|
using (var stream = new NetworkStream(socket, ownsSocket: false))
|
||||||
|
using (var sslStream = new SslStream(stream, true, (sender, certificate, chain, errors) => true))
|
||||||
|
{
|
||||||
|
// SslProtocols.Tls is TLS 1.0 which isn't supported by Kestrel by default.
|
||||||
|
await Assert.ThrowsAsync<IOException>(() =>
|
||||||
|
sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null,
|
||||||
|
enabledSslProtocols: SslProtocols.Tls,
|
||||||
|
checkCertificateRevocation: false));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
await loggerProvider.FilterLogger.LogTcs.Task.TimeoutAfter(TestConstants.DefaultTimeout);
|
||||||
|
Assert.Equal(1, loggerProvider.FilterLogger.LastEventId);
|
||||||
|
Assert.Equal(LogLevel.Debug, loggerProvider.FilterLogger.LastLogLevel);
|
||||||
|
}
|
||||||
|
|
||||||
private class HandshakeErrorLoggerProvider : ILoggerProvider
|
private class HandshakeErrorLoggerProvider : ILoggerProvider
|
||||||
{
|
{
|
||||||
public HttpsConnectionFilterLogger FilterLogger { get; } = new HttpsConnectionFilterLogger();
|
public HttpsConnectionFilterLogger FilterLogger { get; } = new HttpsConnectionFilterLogger();
|
||||||
|
|
|
||||||
|
|
@ -1266,7 +1266,7 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
var scratchBuffer = new byte[maxRequestBufferSize * 2 + 1];
|
var scratchBuffer = new byte[maxRequestBufferSize * 8];
|
||||||
|
|
||||||
using (var server = new TestServer(async context =>
|
using (var server = new TestServer(async context =>
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue