[QUIC] Use client TLS options in QUIC #32069

Closed
scalablecory opened this issue Feb 10, 2020 · 4 comments · Fixed by #59544
Labels
area-System.Net.Quic enhancement Product code improvement that does NOT require public API changes/additions

Comments

@scalablecory
Contributor

We need to get client certificates working in QuicConnection SSL options.

internal async ValueTask SetSecurityConfigForConnection(X509Certificate cert)
{
    _securityConfig = await MsQuicApi.Api.CreateSecurityConfig(cert);
    // TODO this isn't being set correctly
    MsQuicParameterHelpers.SetSecurityConfig(MsQuicApi.Api, _ptr, (uint)QUIC_PARAM_LEVEL.CONNECTION, (uint)QUIC_PARAM_CONN.SEC_CONFIG, _securityConfig.NativeObjPtr);
}

@scalablecory scalablecory added this to the 5.0 milestone Feb 10, 2020
@scalablecory scalablecory added this to To Do (Low Priority) in HTTP/3 via automation Feb 10, 2020
@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added the untriaged New issue has not been triaged by the area owner label Feb 10, 2020
@scalablecory scalablecory removed the untriaged New issue has not been triaged by the area owner label Feb 10, 2020
@scalablecory scalablecory moved this from To Do (Low Priority) to To Do (High Priority) in HTTP/3 Feb 10, 2020
@scalablecory scalablecory changed the title Use client certificates in QUIC Use client TLS options in QUIC Feb 10, 2020
@karelz karelz added the enhancement Product code improvement that does NOT require public API changes/additions label Feb 20, 2020
@karelz karelz changed the title Use client TLS options in QUIC [QUIC] Use client TLS options in QUIC Mar 11, 2020
@scalablecory scalablecory modified the milestones: 5.0.0, 6.0.0 Aug 11, 2020
@ManickaP
Member

Was this solved by #50613? Could we close this? Or what is missing?
cc: @wfurt @scalablecory

@wfurt
Member

wfurt commented Apr 20, 2021

#50613 is not sufficient as it is focusing on typical use e.g. server certificates.
We don't have handling for client certificates and that will also need msquic changes AFAIK (at least for OpenSSL). I'm yet to figure out if LocalCertificateSelectionCallback would work e.g. providing certificate via callback in middle of handshake instead of specifying it upfront.

CipherSuitesPolicy support was added to msquic recently but it is not plumbed from runtime AFAIK.

cc: @nibanks

@wfurt
Member

wfurt commented Jul 9, 2021

SslClientAuthenticationOptions.LocalCertificateSelectionCallback depends on microsoft/msquic#1249
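
The two ways of supplying a client certificate that the comments above contrast, shown on `SslClientAuthenticationOptions` as an added example that is not part of the thread or of the runtime's code. The class `ClientCertOptions`, its method names and the issuer-matching policy are assumptions for illustration; the block shows only how the options are populated, not whether a given runtime or msquic version honors the callback.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not runtime code.
static class ClientCertOptions
{
    // Certificate specified up front, before the handshake starts.
    public static SslClientAuthenticationOptions Upfront(string host, X509Certificate2 cert) =>
        new SslClientAuthenticationOptions
        {
            TargetHost = host,
            ClientCertificates = new X509CertificateCollection { cert },
        };

    // Certificate chosen by callback during the handshake, from a set of candidates.
    public static SslClientAuthenticationOptions ViaCallback(string host, X509CertificateCollection candidates) =>
        new SslClientAuthenticationOptions
        {
            TargetHost = host,
            ClientCertificates = candidates,
            LocalCertificateSelectionCallback = SelectByIssuer,
        };

    // Assumed policy: send a certificate only if the server lists its issuer.
    // When the server names no issuers, fall back to the first candidate.
    static X509Certificate SelectByIssuer(object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate? remoteCertificate,
        string[] acceptableIssuers)
    {
        if (localCertificates.Count == 0)
            return null!; // nothing to offer: handshake continues without a client certificate

        if (acceptableIssuers == null || acceptableIssuers.Length == 0)
            return localCertificates[0];

        foreach (X509Certificate candidate in localCertificates)
        {
            bool accepted = Array.Exists(acceptableIssuers,
                issuer => string.Equals(issuer, candidate.Issuer, StringComparison.OrdinalIgnoreCase));
            if (accepted)
                return candidate;
        }
        return null!; // no candidate matches: do not disclose an unrelated identity
    }
}
```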

@ManickaP ManickaP moved this from To Do (High Priority) to Future in HTTP/3 Jul 15, 2021
@ManickaP ManickaP modified the milestones: 6.0.0, 7.0.0 Jul 15, 2021
@ManickaP
Member

Triage: we have basic support for client certificates, and the callback is not yet supported by msquic; we cannot fully fix it for 6.0.

@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Sep 23, 2021
HTTP/3 automation moved this from Future to Done Sep 24, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Sep 24, 2021
@dotnet dotnet locked as resolved and limited conversation to collaborators Nov 3, 2021

6 participants