Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Android] PlatformNotSupported failures inside System.Net.Security.Tests #104010

Closed
matouskozak opened this issue Jun 26, 2024 · 6 comments · Fixed by #104016
Closed

[Android] PlatformNotSupported failures inside System.Net.Security.Tests #104010

matouskozak opened this issue Jun 26, 2024 · 6 comments · Fixed by #104016
Assignees
@simonrozsival
Labels
arch-arm32 arch-arm64 arch-x64 arch-x86 area-System.Security blocking-clean-ci Blocking PR or rolling runs of 'runtime' or 'runtime-extra-platforms' Known Build Error Use this to report build issues in the .NET Helix tab os-android

Comments

@matouskozak
Copy link
Member

matouskozak commented Jun 26, 2024
edited by build-analysis bot
Loading

Build Information

Build: https://dev.azure.com/dnceng-public/public/_build/results?buildId=719424
Build error leg or test failing: System.Net.Security.Tests
Affected CI: android-[arm/arm64/x64/x86] Release AllSubsets_Mono (runtime-extra-platforms)
Range of commits: 71ab8f1...3bcc947

Sample stack trace:

06-25 03:37:16.836 22214 27315 I DOTNET  : 1) 	[FAIL] System.Net.Security.Tests.CertificateValidationClientServer.CertificateValidationClientServer_EndToEnd_Ok   Test name: System.Net.Security.Tests.CertificateValidationClientServer.CertificateValidationClientServer_EndToEnd_Ok(clientCertSource: CertificateContext)   Test case: System.Net.Security.Tests.CertificateValidationClientServer.CertificateValidationClientServer_EndToEnd_Ok
06-25 03:37:16.836 22214 27315 I DOTNET  :    Assembly:  [System.Net.Security.Tests, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51]
06-25 03:37:16.836 22214 27315 I DOTNET  :    Exception messages: System.PlatformNotSupportedException : An empty custom trust store is not supported on this platform.   Exception stack traces:    at System.Security.Cryptography.X509Certificates.ChainPal.AndroidCertPath.Initialize(ICertificatePal cert, X509Certificate2Collection extraStore, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust, Boolean noOcspFetch)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.Tests.CertificateValidationClientServer.CertificateValidationClientServer_EndToEnd_Ok(ClientCertSource clientCertSource) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/CertificateValidationClientServer.cs:line 188
06-25 03:37:16.837 22214 27315 I DOTNET  : --- End of stack trace from previous location ---
06-25 03:37:16.837 22214 27315 I DOTNET  :    Execution time: 0.6194307
06-25 03:37:16.837 22214 27315 I DOTNET  : 2) 	[FAIL] System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue   Test name: System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue(clientCertificateRequired: True, certSource: CertificateContext)   Test case: System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue
06-25 03:37:16.837 22214 27315 I DOTNET  :    Assembly:  [System.Net.Security.Tests, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51]
06-25 03:37:16.837 22214 27315 I DOTNET  :    Exception messages: System.PlatformNotSupportedException : An empty custom trust store is not supported on this platform.   Exception stack traces:    at System.Security.Cryptography.X509Certificates.ChainPal.AndroidCertPath.Initialize(ICertificatePal cert, X509Certificate2Collection extraStore, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust, Boolean noOcspFetch)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust)
06-25 03:37:16.837 22214 27315 I DOTNET  :    at System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue(Boolean clientCertificateRequired, ClientCertSource certSource) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs:line 91
06-25 03:37:16.837 22214 27315 I DOTNET  : --- End of stack trace from previous location ---
06-25 03:37:16.837 22214 27315 I DOTNET  :    Execution time: 0.4337587
06-25 03:37:16.837 22214 27315 I DOTNET  : 3) 	[FAIL] System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue   Test name: System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue(clientCertificateRequired: False, certSource: CertificateContext)   Test case: System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue
06-25 03:37:16.837 22214 27315 I DOTNET  :    Assembly:  [System.Net.Security.Tests, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51]
06-25 03:37:16.837 22214 27315 I DOTNET  :    Exception messages: System.PlatformNotSupportedException : An empty custom trust store is not supported on this platform.   Exception stack traces:    at System.Security.Cryptography.X509Certificates.ChainPal.AndroidCertPath.Initialize(ICertificatePal cert, X509Certificate2Collection extraStore, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, X509Certificate2Collection customTrustStore, X509ChainTrustMode trustMode, DateTime verificationTime, TimeSpan timeout, Boolean disableAia)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust, Boolean noOcspFetch)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Net.Security.SslStreamCertificateContext.Create(X509Certificate2 target, X509Certificate2Collection additionalCertificates, Boolean offline, SslCertificateTrust trust)
06-25 03:37:16.838 22214 27315 I DOTNET  :    at System.Net.Security.Tests.SslStreamMutualAuthenticationTest.SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTrue(Boolean clientCertificateRequired, ClientCertSource certSource) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs:line 91

Error Message

Fill the error message using step by step known issues guidance.

{
  "ErrorMessage": "System.PlatformNotSupportedException : An empty custom trust store is not supported on this platform.",
  "BuildRetry": false,
  "ExcludeConsoleLog": false
}

Known issue validation

Build: 🔎 https://dev.azure.com/dnceng-public/public/_build/results?buildId=719424
Error message validated: [System.PlatformNotSupportedException : An empty custom trust store is not supported on this platform.]
Result validation: ❌ Known issue did not match with the provided build.
Validation performed at: 6/26/2024 7:23:14 AM UTC

Report

Summary

24-Hour Hit Count 7-Day Hit Count 1-Month Count
0 0 0
@matouskozak matouskozak added arch-arm32 arch-arm64 arch-x86 arch-x64 blocking-clean-ci Blocking PR or rolling runs of 'runtime' or 'runtime-extra-platforms' os-android Known Build Error Use this to report build issues in the .NET Helix tab labels Jun 26, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to 'arch-android': @vitek-karas, @simonrozsival, @steveisok, @akoeplinger
See info in area-owners.md if you want to be subscribed.

@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Jun 26, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@matouskozak
Copy link
Member Author

Could it be caused by the change inside #103372 @wfurt ? cc: @simonrozsival

@matouskozak matouskozak mentioned this issue Jun 26, 2024
Open
@simonrozsival
Copy link
Member

@matouskozak that seems related, I will investigate

@simonrozsival simonrozsival self-assigned this Jun 26, 2024
@simonrozsival simonrozsival mentioned this issue Jun 26, 2024
Merged
@adamsitnik
Copy link
Member

It could be also related to #102167

@matouskozak
Copy link
Member Author

It could be also related to #102167

Thank you Adam, it looks like we have two separate issue. Created a new issue for failure which is probably caused by the linked commit #104030.

@dotnet-policy-service dotnet-policy-service bot removed the untriaged New issue has not been triaged by the area owner label Jun 28, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@simonrozsival simonrozsival

Labels
arch-arm32 arch-arm64 arch-x64 arch-x86 area-System.Security blocking-clean-ci Blocking PR or rolling runs of 'runtime' or 'runtime-extra-platforms' Known Build Error Use this to report build issues in the .NET Helix tab os-android
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Android] Fix SslStreamCertificateContext empty custom trust store exception simonrozsival/runtime
3 participants
@simonrozsival @adamsitnik @matouskozak