Fail on startup for Http/2 HTTPS on Win7 (#12053)

2019-07-10 20:13:01 -07:00 · 2019-07-10 20:13:01 -07:00 · 70588c741b
parent a279af52d2
commit 70588c741b
5 changed files with 85 additions and 36 deletions
--- a/src/ProjectTemplates/test/GrpcTemplateTest.cs
+++ b/src/ProjectTemplates/test/GrpcTemplateTest.cs
@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

+using System;
 using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Templates.Test.Helpers;
@ -46,6 +47,12 @@ namespace Templates.Test
                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on OSX due to missing ALPN support.",
                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run built service", Project, serverProcess.Process));
                }
+                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && Environment.OSVersion.Version < new Version(6, 2))
+                {
+                    Assert.True(serverProcess.Process.HasExited, "built");
+                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on Windows 7 due to missing ALPN support.",
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run built service", Project, serverProcess.Process));
+                }
                else
                {
                    Assert.False(
@ -64,6 +71,12 @@ namespace Templates.Test
                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on OSX due to missing ALPN support.",
                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run published service", Project, aspNetProcess.Process));
                }
+                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && Environment.OSVersion.Version < new Version(6, 2))
+                {
+                    Assert.True(aspNetProcess.Process.HasExited, "published");
+                    Assert.Contains("System.NotSupportedException: HTTP/2 over TLS is not supported on Windows 7 due to missing ALPN support.",
+                        ErrorMessages.GetFailedProcessMessageOrEmpty("Run published service", Project, aspNetProcess.Process));
+                }
                else
                {
                    Assert.False(
--- a/src/Servers/Kestrel/Core/src/CoreStrings.resx
+++ b/src/Servers/Kestrel/Core/src/CoreStrings.resx
@ -608,6 +608,9 @@ For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?l
  <data name="HTTP2NoTlsOsx" xml:space="preserve">
    <value>HTTP/2 over TLS is not supported on OSX due to missing ALPN support.</value>
  </data>
+  <data name="HTTP2NoTlsWin7" xml:space="preserve">
+    <value>HTTP/2 over TLS is not supported on Windows 7 due to missing ALPN support.</value>
+  </data>
  <data name="Http2StreamResetByApplication" xml:space="preserve">
    <value>The HTTP/2 stream was reset by the application with error code {errorCode}.</value>
  </data>
--- a/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
+++ b/src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs
@ -43,10 +43,17 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Https.Internal
            }

            // This configuration will always fail per-request, preemptively fail it here. See HttpConnection.SelectProtocol().
-            if (options.HttpProtocols == HttpProtocols.Http2 && RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+            if (options.HttpProtocols == HttpProtocols.Http2)
+            {
+                if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
                {
                    throw new NotSupportedException(CoreStrings.HTTP2NoTlsOsx);
                }
+                else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && Environment.OSVersion.Version < new Version(6, 2))
+                {
+                    throw new NotSupportedException(CoreStrings.HTTP2NoTlsWin7);
+                }
+            }

            _next = next;
            // capture the certificate now so it can't be switched after validation
--- a/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationBuilderTests.cs
+++ b/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationBuilderTests.cs
@ -320,8 +320,9 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tests
        [InlineData("http1", HttpProtocols.Http1)]
        // [InlineData("http2", HttpProtocols.Http2)] // Not supported due to missing ALPN support. https://github.com/dotnet/corefx/issues/33016
        [InlineData("http1AndHttp2", HttpProtocols.Http1AndHttp2)] // Gracefully falls back to HTTP/1
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.Windows)]
-        public void DefaultConfigSectionCanSetProtocols_Mac(string input, HttpProtocols expected)
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.Windows, WindowsVersions.Win10, WindowsVersions.Win8, WindowsVersions.Win81)]
+        public void DefaultConfigSectionCanSetProtocols_MacAndWin7(string input, HttpProtocols expected)
            => DefaultConfigSectionCanSetProtocols(input, expected);

        [ConditionalTheory]
@ -329,7 +330,8 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tests
        [InlineData("http2", HttpProtocols.Http2)]
        [InlineData("http1AndHttp2", HttpProtocols.Http1AndHttp2)]
        [OSSkipCondition(OperatingSystems.MacOSX)]
-        public void DefaultConfigSectionCanSetProtocols_NonMac(string input, HttpProtocols expected)
+        [OSSkipCondition(OperatingSystems.Windows, WindowsVersions.Win7)]
+        public void DefaultConfigSectionCanSetProtocols_NonMacAndWin7(string input, HttpProtocols expected)
            => DefaultConfigSectionCanSetProtocols(input, expected);

        private void DefaultConfigSectionCanSetProtocols(string input, HttpProtocols expected)
@ -387,8 +389,9 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tests
        [InlineData("http1", HttpProtocols.Http1)]
        // [InlineData("http2", HttpProtocols.Http2)] // Not supported due to missing ALPN support. https://github.com/dotnet/corefx/issues/33016
        [InlineData("http1AndHttp2", HttpProtocols.Http1AndHttp2)] // Gracefully falls back to HTTP/1
-        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.Windows)]
-        public void EndpointConfigSectionCanSetProtocols_Mac(string input, HttpProtocols expected) =>
+        [OSSkipCondition(OperatingSystems.Linux)]
+        [OSSkipCondition(OperatingSystems.Windows, WindowsVersions.Win10, WindowsVersions.Win8, WindowsVersions.Win81)]
+        public void EndpointConfigSectionCanSetProtocols_MacAndWin7(string input, HttpProtocols expected) =>
            EndpointConfigSectionCanSetProtocols(input, expected);

        [ConditionalTheory]
@ -396,7 +399,8 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Tests
        [InlineData("http2", HttpProtocols.Http2)]
        [InlineData("http1AndHttp2", HttpProtocols.Http1AndHttp2)]
        [OSSkipCondition(OperatingSystems.MacOSX)]
-        public void EndpointConfigSectionCanSetProtocols_NonMac(string input, HttpProtocols expected) =>
+        [OSSkipCondition(OperatingSystems.Windows, WindowsVersions.Win7)]
+        public void EndpointConfigSectionCanSetProtocols_NonMacAndWin7(string input, HttpProtocols expected) =>
            EndpointConfigSectionCanSetProtocols(input, expected);

        private void EndpointConfigSectionCanSetProtocols(string input, HttpProtocols expected)
--- a/src/Servers/Kestrel/test/FunctionalTests/Http2/HandshakeTests.cs
+++ b/src/Servers/Kestrel/test/FunctionalTests/Http2/HandshakeTests.cs
@ -5,7 +5,6 @@ using System;
 using System.Net;
 using System.Net.Http;
 using System.Net.Security;
-using System.Runtime.InteropServices;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
@ -57,6 +56,29 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests.Http2
            Assert.Equal("HTTP/2 over TLS is not supported on OSX due to missing ALPN support.", ex.Message);
        }

+
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
+        [OSSkipCondition(OperatingSystems.Windows, WindowsVersions.Win10, WindowsVersions.Win8, WindowsVersions.Win81)]
+        // Win7 SslStream is missing ALPN support.
+        public void TlsAndHttp2NotSupportedOnWin7()
+        {
+            var ex = Assert.Throws<NotSupportedException>(() => new TestServer(context =>
+            {
+                throw new NotImplementedException();
+            }, new TestServiceContext(LoggerFactory),
+            kestrelOptions =>
+            {
+                kestrelOptions.Listen(IPAddress.Loopback, 0, listenOptions =>
+                {
+                    listenOptions.Protocols = HttpProtocols.Http2;
+                    listenOptions.UseHttps(_x509Certificate2);
+                });
+            }));
+
+            Assert.Equal("HTTP/2 over TLS is not supported on Windows 7 due to missing ALPN support.", ex.Message);
+        }
+
        [ConditionalFact]
        [OSSkipCondition(OperatingSystems.MacOSX, SkipReason = "Missing SslStream ALPN support: https://github.com/dotnet/corefx/issues/30492")]
        [SkipOnHelix("https://github.com/aspnet/AspNetCore/issues/10428", Queues = "Debian.8.Amd64.Open")] // Debian 8 uses OpenSSL 1.0.1 which does not support HTTP/2