[HTTP/3] ServerCertificateCustomValidationCallback causes connection error #55192

Closed
JamesNK opened this issue Jul 6, 2021 · 5 comments · Fixed by #55526


JamesNK commented Jul 6, 2021

Adding ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator causes a connection error on send.

Code:

```csharp
// HTTP/3
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

using (var client = new HttpClient(httpClientHandler))
{
    var request = new HttpRequestMessage(HttpMethod.Get, $"https://127.0.0.1:{http3Port}/");
    request.Version = HttpVersion.Version30;
    request.VersionPolicy = HttpVersionPolicy.RequestVersionExact;

    // Act
    var response = await client.SendAsync(request).DefaultTimeout();

    // Assert
    response.EnsureSuccessStatusCode();
    Assert.Equal(HttpVersion.Version30, response.Version);
    var responseText = await response.Content.ReadAsStringAsync().DefaultTimeout();
    Assert.Equal("hello, world", responseText);
}
```

Error:

    System.Net.Http.HttpRequestException : Connection has been shutdown by transport. Error Code: 0x8041012A (127.0.0.1:5005)
    ---- System.Net.Quic.QuicException : Connection has been shutdown by transport. Error Code: 0x8041012A
@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Jul 6, 2021

wfurt commented Jul 6, 2021

BTW, if you register a real callback, do you see the correct certificate there?


JamesNK commented Jul 6, 2021

Same error, breakpoint in callback never hit:

```csharp
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = (_, __, ___, ____) =>
{
    return true;
};
```

@ManickaP ManickaP removed the untriaged New issue has not been triaged by the area owner label Jul 6, 2021
@ManickaP ManickaP added this to the 6.0.0 milestone Jul 6, 2021

wfurt commented Jul 6, 2021

```
HandleEventPeerCertificateReceived going to call System.Net.Security.RemoteCertificateValidationCallback
System.InvalidCastException: Unable to cast object of type 'System.Net.Quic.Implementations.MsQuic.MsQuicConnection' to type 'System.Net.Http.HttpRequestMessage'.
   at System.Net.Http.ConnectHelper.CertificateCallbackMapper.<.ctor>b__2_0(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) in C:\Users\test\github\wfurt-runtime2\src\libraries\System.Net.Http\src\System\Net\Http\SocketsHttpHandler\ConnectHelper.cs:line 32
   at System.Net.Quic.Implementations.MsQuic.MsQuicConnection.HandleEventPeerCertificateReceived(State state, ConnectionEvent& connectionEvent) in C:\Users\test\github\wfurt-runtime2\src\libraries\System.Net.Quic\src\System\Net\Quic\Implementations\MsQuic\MsQuicConnection.cs:line 401
QUIC_CONNECTION_EVENT_TYPE.PEER_CERTIFICATE_RECEIVED returning 2151743491 0x80410003
```

This looks like a problem mapping the (Ms)Quic connection back to HttpRequestMessage.

#55193 may have a similar reason.
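
Added example, not part of the original thread and not the runtime's own code: a self-contained sketch of the failure shape in the stack trace above. `FakeQuicConnection`, `CallbackMapping` and `Handshake` are hypothetical stand-ins. It shows an adapter that casts `sender` throwing before the user's callback runs, the transport rejecting the handshake as a result, and a variant that captures the request instead of casting.

```csharp
#nullable enable
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical stand-in for the QUIC connection object that arrived as `sender`.
sealed class FakeQuicConnection { }

static class CallbackMapping
{
    // Mirrors the failing shape in the stack trace: an unconditional cast of `sender`.
    public static RemoteCertificateValidationCallback Unchecked(
        Func<HttpRequestMessage, X509Certificate2?, X509Chain?, SslPolicyErrors, bool> user) =>
        (sender, cert, chain, errors) =>
            user((HttpRequestMessage)sender, cert as X509Certificate2, chain, errors);

    // Hypothetical alternative: capture the request instead of trusting `sender`'s type.
    public static RemoteCertificateValidationCallback Captured(
        HttpRequestMessage request,
        Func<HttpRequestMessage, X509Certificate2?, X509Chain?, SslPolicyErrors, bool> user) =>
        (_, cert, chain, errors) => user(request, cert as X509Certificate2, chain, errors);
}

static class Program
{
    // Simulated transport: invokes the callback and rejects the peer if it throws.
    static bool Handshake(RemoteCertificateValidationCallback cb, object sender)
    {
        try { return cb(sender, null, null, SslPolicyErrors.RemoteCertificateChainErrors); }
        catch (InvalidCastException e) { Console.WriteLine($"rejected: {e.GetType().Name}"); return false; }
    }

    static void Main()
    {
        int calls = 0; // counts how often the user's validation logic actually ran
        Func<HttpRequestMessage, X509Certificate2?, X509Chain?, SslPolicyErrors, bool> user =
            (_, _, _, _) => { calls++; return true; };
        var request = new HttpRequestMessage(HttpMethod.Get, "https://127.0.0.1/");

        bool a = Handshake(CallbackMapping.Unchecked(user), new FakeQuicConnection());
        Console.WriteLine($"unchecked: accepted={a}, user callback calls={calls}");

        bool b = Handshake(CallbackMapping.Captured(request, user), new FakeQuicConnection());
        Console.WriteLine($"captured:  accepted={b}, user callback calls={calls}");
    }
}
```

In the unchecked case the exception surfaces as a rejected peer rather than an accepted one, which matches the connection shutdown reported in this issue: the user's callback never ran, so its decision was never consulted.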


ManickaP commented Jul 9, 2021

Got repro, will continue on Mon.

@karelz karelz changed the title HTTP/3: ServerCertificateCustomValidationCallback causes connection error [HTTP/3] ServerCertificateCustomValidationCallback causes connection error Jul 12, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Aug 12, 2021