Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid finalizer race in the SslStreamNetworkStreamTests cert creation #57381

Merged
merged 1 commit into from
Aug 14, 2021
Merged

Avoid finalizer race in the SslStreamNetworkStreamTests cert creation #57381

merged 1 commit into from
Aug 14, 2021

Conversation

bartonjs
Copy link
Member

@bartonjs bartonjs commented Aug 13, 2021
edited

The TestHelpers.GenerateCertificates implementation for extending the length of the
certificate chain had a finalizable value race condition: if the endEntity certificate got
finalized between the time the private key handle was obtained and the key got rebound
to the new copy, then the key object was pointing at a deleted key and the operation failed.

Rather than rebuild the chain after the fact, this change just asks the PKI builder to build a longer chain.

Fixes #53597.

@bartonjs bartonjs requested a review from wfurt August 13, 2021 23:20
@ghost
Copy link

ghost commented Aug 13, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

The TestHelpers.GenerateCertificates implementation for extending the length of the
certificate chain had a finalizable value race condition: if the endEntity certificate got
finalized between the time the private key handle was obtained and the key got rebound
to the new copy, then the key object was pointing at a deleted key and the operation failed.

Rather than rebuild the chain after the fact, this change just asks the PKI builder to build a longer chain.

Author: bartonjs
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@bartonjs bartonjs mentioned this pull request Aug 13, 2021
Open
wfurt
wfurt approved these changes Aug 14, 2021
View reviewed changes
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@danmoseley
Copy link
Member

Failing test is unrelated and already "fixed"

@danmoseley danmoseley merged commit 73b249e into dotnet:main Aug 14, 2021
@bartonjs bartonjs deleted the sslstream_cert_chains branch August 14, 2021 05:46
@karelz karelz added this to the 6.0.0 milestone Aug 17, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Sep 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wfurt wfurt wfurt approved these changes

Assignees
No one assigned
Labels
area-System.Net.Security
Projects
None yet
Milestone
6.0.0
Development

Successfully merging this pull request may close these issues.

SslStreamNetworkStreamTest failures on Mac
4 participants
@bartonjs @danmoseley @wfurt @karelz