Skip to content

Incoming connections can stop HTTP/3 accept loop #43723

New issue
New issue
Closed
Closed
Incoming connections can stop HTTP/3 accept loop#43723
Assignees
JamesNK
Labels
HTTP3area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsbugThis issue describes a behavior which is not expected - a bug.feature-kestrel
Milestone
7.0-rc2
@halter73

Description

@halter73
halter73
opened on Sep 2, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

It appears that authentication failures during the quic connection handshake can cause QuicListener.AcceptConnectionAsync and subsequently QuicConnectionListener.AcceptAsync to throw an AuthenticationException which can "hang" the http/3 connection accept loop similarly to #41556. @JamesNK

Expected Behavior

Authentication failures should not affect the ability to accept subsequent HTTP/3 connections.

Steps To Reproduce

  1. Run Http3SampleApp.
  2. Run the following console app.
using System.Net;

using var httpClientHandler = new HttpClientHandler();
//httpClientHandler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

using var client = new HttpClient(httpClientHandler);
using var request = new HttpRequestMessage(HttpMethod.Get, "https://127.0.0.1:5001/");
request.Version = HttpVersion.Version30;
request.VersionPolicy = HttpVersionPolicy.RequestVersionExact;

using var response = await client.SendAsync(request);

Console.WriteLine($"Response: {await response.Content.ReadAsStringAsync()}");

Console.WriteLine("Done!");

Exceptions (if any)

[15:15:43.613] crit: Microsoft.AspNetCore.Server.Kestrel[0]
      The connection listener failed to accept any new connections.
      System.Security.Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'BadCertificate'.
         at System.Net.Quic.QuicConnection.HandleEventShutdownInitiatedByTransport(_SHUTDOWN_INITIATED_BY_TRANSPORT_e__Struct& data)
         at System.Net.Quic.QuicConnection.HandleConnectionEvent(QUIC_CONNECTION_EVENT& connectionEvent)
         at System.Net.Quic.QuicConnection.NativeCallback(QUIC_HANDLE* connection, Void* context, QUIC_CONNECTION_EVENT* connectionEvent)
      --- End of stack trace from previous location ---
         at System.Net.Quic.ValueTaskSource.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
         at System.Net.Quic.QuicListener.PendingConnection.StartHandshake(QuicConnection connection, SslClientHelloInfo clientHello, Func`4 connectionOptionsCallback)
         at System.Net.Quic.QuicListener.PendingConnection.DisposeAsync()
         at System.Net.Quic.QuicListener.AcceptConnectionAsync(CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Server.Kestrel.Transport.Quic.Internal.QuicConnectionListener.AcceptAsync(IFeatureCollection features, CancellationToken cancellationToken) in C:\dev\dotnet\aspnetcore\src\Servers\Kestrel\Transport.Quic\src\Internal\QuicConnectionListener.cs:line 150
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.ConnectionDispatcher`1.<>c__DisplayClass8_0.<<StartAcceptingConnectionsCore>g__AcceptConnectionsAsync|0>d.MoveNext() in C:\dev\dotnet\aspnetcore\src\Servers\Kestrel\Core\src\Internal\ConnectionDispatcher.cs:line 43

.NET Version

7.0.100-rc.2.22426.5

Anything else?

The was done locally on a Windows 11 21H2 machine.

Metadata

Metadata

Assignees

Labels

HTTP3area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsbugThis issue describes a behavior which is not expected - a bug.feature-kestrel

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions