PoC: low level TLS machine#128744
Open
wfurt wants to merge 18 commits into
Open
Conversation
Introduces internal-preview public types TlsContext, TlsSession, and TlsOperationStatus exposing a non-blocking, transport-agnostic TLS state machine. The PoC implementation is Linux/FreeBSD-only and reuses the existing SslStreamPal (AcceptSecurityContext / InitializeSecurityContext / EncryptMessage / DecryptMessage). On other platforms the types are present as PlatformNotSupportedException stubs so ApiCompat passes. SslStream is intentionally untouched (Stage 1 of the proposal). Adds TlsSessionTests covering: - Server TlsSession against a real SslStream client (handshake + ping/pong) - ArgumentNullException from TlsContext.Create - InvalidOperationException from Encrypt/Decrypt before handshake
Adds an internal wedge in SslStream that routes NextMessage / Encrypt /
Decrypt through TlsSession on Linux/FreeBSD. On other platforms the
partial method stubs return false and the existing PAL path runs
unchanged.
TlsSession additions:
- TlsContext.WrapShared() so the wedge can reuse SslStream's own
SslAuthenticationOptions bag (preserves SNI / cert selection results
and avoids double Dispose).
- HandshakeStepForSslStream / EncryptForSslStream / DecryptForSslStream
surface that keeps SslStream's ProtocolToken-based plumbing intact.
- SecurityContext / CredentialsHandle accessors so SslStream can mirror
the SafeHandles back into its own fields for cert validation, channel
binding, ProcessHandshakeSuccess, and Dispose to continue working.
- TlsOperationStatus.WantCredentials surfaced from ProcessHandshake
when the PAL reports CredentialsNeeded (OpenSSL client cert path).
- Decrypt now treats Renegotiate as transparent: OpenSSL handles
renegotiation internally inside SSL_read, so we just consume the
frame and ask for more input.
The wedge calls AcquireServerCredentials / AcquireClientCredentials on
the very first server / client handshake step to preserve the legacy
GenerateToken bootstrap (resolves the cert via the various delegates
and assigns CertificateContext, which Interop.OpenSsl asserts on).
Test status: 4969 of 4977 pass with wedge active; remaining 8 are TLS
1.3 post-handshake auth scenarios (mutual auth + client-cert callback
returning null) that need follow-up. No new tests broken vs. baseline.
Adds public TlsOperationStatus Shutdown(Span<byte>, out int) to TlsSession on Linux/FreeBSD plus a PNSE stub on other platforms. Drives SslStreamPal.ApplyShutdownToken followed by one PAL handshake step to extract the close_notify bytes into pending output. Idempotent across drains; returns Closed once fully drained. Adds test ServerSession_Shutdown_DeliversCloseNotifyToSslStreamClient verifying an SslStream client observes EOF after the server-side shutdown.
Adds public ChannelBinding? GetChannelBinding(ChannelBindingKind) to TlsSession on Linux/FreeBSD plus a PNSE stub on other platforms. Delegates to SslStreamPal.QueryContextChannelBinding so the binding material matches what SslStream produces over the same session. Adds test ServerSession_ChannelBinding_MatchesSslStreamClient that authenticates an SslStream client against a TlsSession server and verifies both sides derive the same tls-unique channel binding bytes.
Adds two public APIs on TlsSession (Linux/FreeBSD) with PNSE stubs on
other platforms:
- X509Certificate2? LocalCertificate { get; } returns the server cert on
a server session, or the negotiated client cert on a client session
(using CertificateValidationPal.IsLocalCertificateUsed to gate the
client-side case after handshake).
- TlsOperationStatus RequestClientCertificate(Span<byte>, out int) drives
SslStreamPal.Renegotiate which, on TLS 1.3, issues a post-handshake
CertificateRequest, and on TLS 1.2 initiates renegotiation. The
generated bytes flow through the pending-output buffer. After the
caller forwards them and continues normal Decrypt, the peer's response
is processed transparently by OpenSSL and the new certificate becomes
observable via GetRemoteCertificate.
The mutual-auth round trip is not yet end-to-end covered by a TlsSession
test because TlsSession lacks plumbing for RemoteCertificateValidationCallback
on the standalone path (Interop.OpenSsl.CertVerifyCallback derefs
options.SslStream, which TlsSession does not own). That gap also affects
any initial-handshake mutual-auth scenario on a standalone TlsSession
and is tracked as a separate follow-up.
Standalone TlsSession instances did not invoke the user-supplied RemoteCertificateValidationCallback because the OpenSSL CertVerifyCallback dereferenced options.SslStream, which is only set when an SslStream owns the session. Mutual-auth (including TLS 1.3 PHA) failed with 'certificate verify failed'. Decouple the verify callback from SslStream: - Add VerifyRemoteCertificateCallback delegate + RemoteCertificateValidator hook on SslAuthenticationOptions, plus a SafeSslHandle slot populated by SafeSslHandle.Create. - Extract SslStream.VerifyRemoteCertificate's core into a static helper (VerifyRemoteCertificateCore) shared by SslStream and TlsSession. - TlsSession.Create registers its own validator on the options when one isn't already set (SslStream wedge keeps its own). - Interop.OpenSsl.CertVerifyCallback now drives the hook + handle on options instead of options.SslStream. Add a server-side mutual-auth test that verifies the standalone TlsSession surfaces the client certificate to the user callback.
The Encrypt/Decrypt wedge was a pure pass-through: both the wedged and
direct paths called SslStreamPal.{Encrypt,Decrypt}Message on the same
_securityContext (TlsSession mirrors that handle back to SslStream
after each handshake step). There was no PAL difference to hide, just
an extra hop, two partial methods, and the TlsSession-side helpers.
Remove TryEncryptViaTlsSession / TryDecryptViaTlsSession (both partial
declarations and Unix/NotUnix implementations), inline the PAL call in
SslStream.Encrypt / SslStream.Decrypt, and drop the now-dead
EncryptForSslStream / DecryptForSslStream helpers on TlsSession.
The handshake wedge stays — that one owns credentials acquisition and
the ProtocolToken plumbing, so it's a meaningful demonstration that
TlsSession can host SslStream's TLS engine.
Two new tests: 1. TwoSessions_HandshakeAndPingPong_InMemory_Succeeds Pure in-memory TlsSession <-> TlsSession: no transport, no async at all. Drives both sides synchronously through ProcessHandshake by swapping byte arrays. Proves the TlsSession surface is a self-contained TLS engine that doesn't need SslStream or any I/O abstraction. Pinned to TLS 1.2: a pure in-memory two-session loop currently does not handle the TLS 1.3 post-handshake NewSessionTicket records OpenSSL emits after the server consumes the client Finished. With SslStream on one side those records are absorbed by SslStream's data path. The standalone TlsSession surface does not yet handle them (same scope as the PHA / renegotiation gap). 2. ClientSession_AgainstSslStreamServer_HandshakeAndPingPong_Succeeds Mirror of the existing server-side test: TlsSession is the client, SslStream is the server. Confirms the handshake driver is role- agnostic. Renamed DriveServerHandshakeAsync to DriveHandshakeAsync to reflect that it works for either role.
Two changes: 1. Fix the in-memory two-session TLS 1.3 case. The previous 'bad MAC' failure was not a bug -- it was OpenSSL's normal TLS 1.3 state machine behavior surfacing in an unusual call pattern. After the server consumes the client Finished it emits NewSessionTicket records on the server->client side. The client MUST consume those records (via Decrypt) before its first Encrypt call: otherwise OpenSSL on the client has not yet finalized its write-key transition from client_handshake_traffic_secret to client_application_traffic_secret, and the server (which has already moved its receive key) rejects the resulting ciphertext as 'decryption failed or bad record mac'. In real network deployments the client's receive pump always consumes these bytes before sending; in this synchronous in-memory loop we drain them explicitly. Test is now a [Theory] covering both TLS 1.2 and TLS 1.3. 2. Add ServerSession_OnNonBlockingSocket_AgainstSslStreamClient_Succeeds. Drives a TlsSession-as-server against a real loopback Socket in non-blocking mode (Socket.Blocking = false). Sends and receives go through Socket.Send/Receive directly and handle WouldBlock by polling. The peer is a plain SslStream client over a NetworkStream. Exercises the 'give me raw socket bytes, I don't care about your I/O model' contract end to end: TlsSession itself never blocks on I/O; the caller is responsible for transport readiness.
…on, ALPN test, async-cert doc)
On TLS 1.3, SChannel surfaces SEC_I_RENEGOTIATE from DecryptMessage for post-handshake records (NewSessionTicket, KeyUpdate, post-handshake CertificateRequest). The decrypted inner record must be fed back into AcceptSecurityContext/InitializeSecurityContext or the next DecryptMessage returns SEC_E_CONTEXT_EXPIRED. Decrypt now invokes a new ProcessPostHandshakeMessage helper and returns Complete so the caller's loop re-enters to process any application data that arrived in the same TCP segment as the NST. All TlsSessionTests pass (13/13).
wfurt
added
the
NO-MERGE
Contributor
|
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR prototypes a low-level, caller-driven TLS state machine for System.Net.Security, exposing TlsContext, TlsSession, and TlsOperationStatus, and wiring Linux/FreeBSD SslStream handshakes through that implementation as a wedge.
Changes:
- Adds new public TLS session/context APIs and platform-specific implementations/stubs.
- Refactors certificate validation plumbing so OpenSSL callbacks can be shared by
SslStreamandTlsSession. - Adds functional tests for handshake, encryption/decryption, ALPN, SNI, shutdown, channel binding, and renegotiation scenarios.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
src/libraries/System.Net.Security/ref/System.Net.Security.cs |
Adds public API surface for TlsContext, TlsSession, and TlsOperationStatus. |
src/libraries/System.Net.Security/src/System.Net.Security.csproj |
Includes new TLS session and SslStream wedge files by platform. |
src/libraries/System.Net.Security/src/System/Net/Security/TlsContext.cs |
Adds reusable TLS configuration wrapper over SslAuthenticationOptions. |
src/libraries/System.Net.Security/src/System/Net/Security/TlsOperationStatus.cs |
Adds operation status enum for non-blocking TLS operations. |
src/libraries/System.Net.Security/src/System/Net/Security/TlsSession.cs |
Implements the low-level TLS state machine. |
src/libraries/System.Net.Security/src/System/Net/Security/TlsSession.Stub.cs |
Adds unsupported-platform stub implementation. |
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Unix.cs |
Routes Unix SslStream handshake steps through TlsSession. |
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.NotUnix.cs |
Keeps non-Unix SslStream on the existing path. |
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs |
Adds wedge hook and shared certificate validation core. |
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs |
Wires OpenSSL certificate validation callback through options. |
src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs |
Adds callback and handle slots for OpenSSL validation plumbing. |
src/libraries/System.Net.Security/src/System/Net/Security/NetEventSource.Security.cs |
Generalizes certificate validation logging sender type. |
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.Ssl.cs |
Stores the created SafeSslHandle on authentication options. |
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs |
Uses the new options-based validation callback path. |
src/libraries/System.Net.Security/tests/FunctionalTests/System.Net.Security.Tests.csproj |
Includes new TLS session tests on Unix/Windows targets. |
src/libraries/System.Net.Security/tests/FunctionalTests/TlsSessionTests.cs |
Adds functional coverage for the prototype API. |
src/libraries/System.Net.Security/tests/UnitTests/Fakes/FakeSslStream.Implementation.cs |
Updates fake options to match the new callback field. |
Comment on lines
+871
to
+882
| SslStream.VerifyRemoteCertificateCore( | ||
| this, | ||
| _context.Options, | ||
| _securityContext, | ||
| ref _remoteCertificate, | ||
| ref _connectionInfo, | ||
| cert, | ||
| chain, | ||
| trust: null, | ||
| ref alertToken, | ||
| out _, | ||
| out _); |
| TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = (ushort)53251, | ||
| TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = (ushort)53253, | ||
| } | ||
| public enum TlsOperationStatus |
| // can drive the user RemoteCertificateValidationCallback even for a | ||
| // standalone TlsSession. If SslStream wraps this session (wedge mode), | ||
| // it sets its own validator first and we leave it untouched. | ||
| context.Options.RemoteCertificateValidator ??= session.VerifyRemoteCertificate; |
Comment on lines
+862
to
+864
| bool needsValidation = !_context.IsServer || _context.Options.RemoteCertRequired; | ||
| if (needsValidation) | ||
| { |
Mirror legacy GenerateToken's bookkeeping: when AcquireClientCredentials is re-run with newCredentialsRequested=true (in response to SChannel's CredentialsNeeded after parsing the server's CertificateRequest), set refreshCredentialNeeded so the finally-block publishes the new cert-bound credential to SslSessionsCache. Without this, subsequent connections always missed the cache (anonymous cred cached, cert-bound cred discarded) and the SChannel session ticket never resumed. Also routes credential ownership through TlsContext so the wedge and standalone TlsContext.Create paths share lifetime semantics, and removes diagnostic file-logging used during root-cause analysis. Validated: System.Net.Security.Tests full suite — Total 5247, Failed 0, Skipped 40.
This was referenced May 29, 2026
Comment on lines
+690
to
+698
| public enum TlsOperationStatus | ||
| { | ||
| Complete = 0, | ||
| WantRead = 1, | ||
| WantWrite = 2, | ||
| Closed = 3, | ||
| WantCredentials = 4, | ||
| NeedsCertificateValidation = 5, | ||
| } |
Comment on lines
+85
to
+90
| // Provide a default cert validation hook so OpenSSL's CertVerifyCallback | ||
| // can drive the user RemoteCertificateValidationCallback even for a | ||
| // standalone TlsSession. If SslStream wraps this session (wedge mode), | ||
| // it sets its own validator first and we leave it untouched. | ||
| context.Options.RemoteCertificateValidator ??= session.VerifyRemoteCertificate; | ||
| } |
Comment on lines
+235
to
+236
| SetRemoteCertificateValidationResult(ok ? SslPolicyErrors.None : sslPolicyErrors); | ||
| return sslPolicyErrors; |
Comment on lines
+1070
to
+1081
| SslStream.VerifyRemoteCertificateCore( | ||
| this, | ||
| _context.Options, | ||
| _securityContext, | ||
| ref _remoteCertificate, | ||
| ref _connectionInfo, | ||
| cert, | ||
| chain, | ||
| trust: null, | ||
| ref alertToken, | ||
| out _, | ||
| out _); |
… 3.0+ Wires up the OpenSSL 3.0 SSL_set_retry_verify lightup so SslStream-style external certificate validation can suspend the TLS handshake mid-stream on 3.0+ and resume after the application accepts/rejects the peer cert. Falls back to the existing post-handshake suspension on 1.1.x. Native: - Add CryptoNative_SslSetRetryVerify export (LIGHTUP_FUNCTION pattern). - Add PAL_SSL_ERROR_WANT_RETRY_VERIFY (= 12) and forward-declare SSL_set_retry_verify in osslcompat_30.h; ifndef-guard the error code for 1.1.x headers. Managed: - Add SslErrorCode.SSL_ERROR_WANT_RETRY_VERIFY and matching P/Invoke. - DoSslHandshake maps the new error to NeedsRemoteCertificateValidation. - CertVerifyCallback calls SslSetRetryVerify and returns -1 to suspend when DeferCertificateValidation is set and no managed validator is provided; otherwise falls through to the legacy accept-and-validate path. - Add internal SslAuthenticationOptions.DeferCertificateValidation (OpenSSL only). - TlsSession enables DeferCertificateValidation, drops the dummy AcceptAllForExternalValidation callback, and tracks _externalValidationResolved so the second ProcessHandshake call after validation succeeds returns Complete rather than throwing. Tests: System.Net.Security functional suite 4965 / 0 fail / 19 skip on macOS arm64.
…erOptions) Allow TlsContext.Create to be called with null SslServerAuthenticationOptions so the caller can inspect the peer's ClientHello (SNI, supported versions) before supplying server options. ProcessHandshake parses the first ClientHello, exposes it via TlsSession.ClientHelloInfo, and returns NeedsServerOptions with consumed = 0. The caller then calls SetServerOptions(...) and re-feeds the same input buffer to resume the handshake. - TlsOperationStatus.NeedsServerOptions = 6 - TlsContext.Create(SslServerAuthenticationOptions?) accepts null - TlsSession.ClientHelloInfo / SetServerOptions surface and resume the suspend - ProcessHandshake parses ClientHello via TlsFrameHelper, suspends with consumed=0, and re-returns NeedsServerOptions on subsequent calls until options are supplied; on OpenSSL the retry-verify suspension semantics are restored after ApplyServerOptions - Ref assembly and Stub updated to match
| [Fact] | ||
| public void TlsContext_RejectsNullOptions() | ||
| { | ||
| Assert.Throws<ArgumentNullException>(() => TlsContext.Create((SslServerAuthenticationOptions)null!)); |
| TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = (ushort)53251, | ||
| TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = (ushort)53253, | ||
| } | ||
| public enum TlsOperationStatus |
Comment on lines
+458
to
+460
| // CertVerifyCallback needs the SafeSslHandle to stash a | ||
| // CertificateValidationException; expose it via the options. | ||
| options.SafeSslHandle = handle; |
Comment on lines
+222
to
+225
| // On success VerifyRemoteCertificateCore set _remoteCertificate = _externalPendingCert, so | ||
| // SetRemoteCertificateValidationResult below leaves it alone. On failure we must dispose the | ||
| // pending cert ourselves because no one adopted it. | ||
| SetRemoteCertificateValidationResult(ok ? SslPolicyErrors.None : sslPolicyErrors); |
Comment on lines
+97
to
+100
| public string? TargetHostName | ||
| { | ||
| get => _context.Options.TargetHost; | ||
| set => _context.Options.TargetHost = value ?? string.Empty; |
Comment on lines
+320
to
+326
| _context.ApplyServerOptions(options); | ||
| #if !TARGET_WINDOWS && !SYSNETSECURITY_NO_OPENSSL | ||
| // Preserve the retry-verify suspension semantics that TlsSession.Create | ||
| // would have configured up front had server options been available then. | ||
| _context.Options.DeferCertificateValidation = true; | ||
| #endif | ||
| _clientHelloInfo = null; |
OpenSSL 3.0 added a SSL_set_retry_verify(ssl) macro in <openssl/ssl.h> that expands to SSL_set_verify_result((ssl), X509_V_OK), which collides with the LIGHTUP_FUNCTION dispatch we generate for SSL_set_retry_verify. Undef the macro after both <openssl/ssl.h> and osslcompat_30.h are pulled in, mirroring the existing #undef ERR_put_error pattern.
…ediates - Replace TlsSession.GetRemoteCertificateChain() (X509Chain?) with GetRemoteCertificates() returning an X509Certificate2Collection of just the peer-sent intermediates. The leaf remains available via GetRemoteCertificate(). The platform-built X509Chain no longer escapes the PAL boundary. - CaptureRemoteCertificateForExternalValidation snapshots intermediates out of the platform chain (skipping element 0 = leaf) and disposes the chain immediately. - AcceptWithDefaultValidation builds a fresh local X509Chain, seeds ChainPolicy.ExtraStore with the captured intermediates, runs VerifyRemoteCertificateCore, and disposes the chain in a finally. - TlsSession.Stub.cs updated to the new signature on the unsupported TFMs. - TlsSessionTests driver helpers now call AcceptWithDefaultValidation on NeedsCertificateValidation so the user-supplied validator actually runs. - TlsContext.Create(SslServerAuthenticationOptions) intentionally allows null (deferred SNI-driven resolution); the null-rejection test is renamed and split to assert the deferred-resolution semantics for the server overload and null-throw only on the client overload.
- Drop TlsSession.RequestRenegotiation from the ref, implementation, and the unsupported-platform stub. The post-handshake client-certificate path remains as RequestClientCertificate, which on TLS 1.2 still issues a HelloRequest internally (matches SslStream's NegotiateClientCertificateAsync surface). - Rename the TLS 1.2 test to ServerSession_RequestClientCertificate_Tls12_ProducesHandshakeBytes so the single client-cert request entry point is the one under test. - Drop 'PoC scope / detached mode' wording from TlsSession and TlsContext doc comments. The class summary now just states that the caller owns I/O.
bartonjs
reviewed
May 30, 2026
Comment on lines
+94
to
+103
| // OpenSSL 3.0+ exposes SSL_set_retry_verify via <openssl/ssl.h>. We resolve it | ||
| // through the lightup function-pointer table, so undefine the header macro and | ||
| // forward-declare it as a real function so the LIGHTUP_FUNCTION machinery and | ||
| // the SSL_set_retry_verify_ptr alias compile cleanly on both 1.1.x and 3.0+. | ||
| #ifdef SSL_set_retry_verify | ||
| #undef SSL_set_retry_verify | ||
| #endif | ||
| #if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_3_0_RTM | ||
| int SSL_set_retry_verify(SSL* ssl); | ||
| #endif |
Member
There was a problem hiding this comment.
This doesn't really make sense...
SSL_set_retry_verify isn't a function, it's only a macro. So as a LIGHTUP_FUNCTION it'll never bind.
#define SSL_set_retry_verify(ssl) \
(SSL_ctrl(ssl, SSL_CTRL_SET_RETRY_VERIFY, 0, NULL) > 0)$ nm -D /usr/lib/x86_64-linux-gnu/libssl.so.3 | grep SSL.*verify
0000000000035e70 T SSL_CTX_get_verify_callback@@OPENSSL_3.0.0
0000000000035e60 T SSL_CTX_get_verify_depth@@OPENSSL_3.0.0
0000000000035e50 T SSL_CTX_get_verify_mode@@OPENSSL_3.0.0
00000000000393f0 T SSL_CTX_load_verify_dir@@OPENSSL_3.0.0
00000000000393d0 T SSL_CTX_load_verify_file@@OPENSSL_3.0.0
0000000000039420 T SSL_CTX_load_verify_locations@@OPENSSL_3.0.0
0000000000039400 T SSL_CTX_load_verify_store@@OPENSSL_3.0.0
0000000000038560 T SSL_CTX_set_cert_verify_callback@@OPENSSL_3.0.0
00000000000432f0 T SSL_CTX_set_cookie_verify_cb@@OPENSSL_3.0.0
0000000000039260 T SSL_CTX_set_default_verify_dir@@OPENSSL_3.0.0
00000000000392d0 T SSL_CTX_set_default_verify_file@@OPENSSL_3.0.0
0000000000039240 T SSL_CTX_set_default_verify_paths@@OPENSSL_3.0.0
0000000000039350 T SSL_CTX_set_default_verify_store@@OPENSSL_3.0.0
0000000000052540 T SSL_CTX_set_srp_verify_param_callback@@OPENSSL_3.0.0
00000000000433f0 T SSL_CTX_set_stateless_cookie_verify_cb@@OPENSSL_3.0.0
0000000000038580 T SSL_CTX_set_verify@@OPENSSL_3.0.0
00000000000385a0 T SSL_CTX_set_verify_depth@@OPENSSL_3.0.0
0000000000035e40 T SSL_get_verify_callback@@OPENSSL_3.0.0
0000000000035e30 T SSL_get_verify_depth@@OPENSSL_3.0.0
0000000000035e20 T SSL_get_verify_mode@@OPENSSL_3.0.0
00000000000394c0 T SSL_get_verify_result@@OPENSSL_3.0.0
0000000000035e80 T SSL_set_verify@@OPENSSL_3.0.0
0000000000035ea0 T SSL_set_verify_depth@@OPENSSL_3.0.0
00000000000394b0 T SSL_set_verify_result@@OPENSSL_3.0.0
000000000003c0b0 T SSL_verify_client_post_handshake@@OPENSSL_3.0.0The correct way to do it with lightup would be to add something like
#if defined SSL_CTRL_SET_RETRY_VERIFY
c_static_assert(SSL_CTRL_SET_RETRY_VERIFY == 136);
#else
#define SSL_CTRL_SET_RETRY_VERIFY 136
#endifto pal_ssl.c, and make your new function just expand the macro:
int32_t CryptoNative_SslSetRetryVerify(SSL* ssl)
{
return SSL_ctrl(ssl, SSL_CTRL_SET_RETRY_VERIFY, 0, NULL) > 0;
}
bartonjs
reviewed
May 30, 2026
Comment on lines
+721
to
+723
| public System.Net.Security.TlsOperationStatus ProcessHandshake(System.ReadOnlySpan<byte> input, System.Span<byte> output, out int consumed, out int produced) { throw null; } | ||
| public System.Net.Security.TlsOperationStatus Encrypt(System.ReadOnlySpan<byte> plaintext, System.Span<byte> ciphertext, out int consumed, out int produced) { throw null; } | ||
| public System.Net.Security.TlsOperationStatus Decrypt(System.ReadOnlySpan<byte> ciphertext, System.Span<byte> plaintext, out int consumed, out int produced) { throw null; } |
Member
There was a problem hiding this comment.
the outs should be bytesConsumed, bytesWritten
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
early prototype -> ignore.