Quality of Life Updates for bad TLS versions #142

Merged
merged 4 commits into from
Nov 6, 2020
2 changes: 2 additions & 0 deletions OpenTok/Util/HttpClient.cs
Expand Up @@ -142,6 +142,8 @@ public virtual string Delete(string url, Dictionary<string, string> headers)
}
}

OpenTokUtils.ValidateTlsVersion(e);

throw new OpenTokWebException("Error with request submission", e);
}
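
Review bot: The added call `OpenTokUtils.ValidateTlsVersion(e);` sits directly above `throw new OpenTokWebException("Error with request submission", e);`, and nothing at this call site shows that it may throw first and skip that line. A name that says so (for example `ThrowIfTlsBelow12`), or a one-line comment here, would make the control flow readable without opening OpenTokUtils. The file header counts 2 additions for HttpClient.cs, so this is the only catch block that gets the check; if other request paths in this class wrap a WebException the same way, they should call it too.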

17 changes: 17 additions & 0 deletions OpenTok/Util/OpenTokUtils.cs
Expand Up @@ -7,6 +7,7 @@
using System.Net;

using Newtonsoft.Json;
using OpenTokSDK.Exception;

namespace OpenTokSDK.Util
{
Expand Down Expand Up @@ -158,5 +159,21 @@ public static int GetPartnerIdFromSessionId(string sessionId)

return Convert.ToInt32(sessionParameters[1]);
}

/// <summary>

@jeffswartz I noticed that the rest of the project uses a non-standard docblock (one more akin to PHP and Java). Will using the proper documentation blocks break anything in regards to documentation building? The XML <summary> format would be preferred, but before we merge this I want to make sure we won't break anything.

Contributor Author

@jeffswartz - will using standard .NET summary docs cause issues with our docs generator?

Contributor

@slorello89 Please remove the docs for this ValidateTlsVersion() method. It is in OpenTokUtils, which does not include methods that developers will call directly.

Contributor

@slorello89 Our docs build script (which uses Doxygen) works with the JavaDocs comments. We should consider cleaning that up later. But for now, it works.

Contributor

Also, note that we do not document the other OpenTokUtils methods (which are used internally by the SDK).

/// Used if a WebException is caught to check that the TLS version makes sense
/// If the TLS version is less than 1.2 and not the System Default (0) this method
/// throws an exception
/// </summary>
/// <param name="e"></param>
public static void ValidateTlsVersion(WebException e)
{
if (ServicePointManager.SecurityProtocol > 0 && ServicePointManager.SecurityProtocol < SecurityProtocolType.Tls12)
{
throw new OpenTokWebException("Error with request submission.\n" +
"This application appears to not support TLS1.2.\n" +
"Please enable TLS 1.2 and try again.", e);
}
}
}
}
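
Review bot: The condition `ServicePointManager.SecurityProtocol > 0 && ServicePointManager.SecurityProtocol < SecurityProtocolType.Tls12` compares a bit-flag value by magnitude; the README change in this PR combines protocols with `|=`, so the setting can hold several versions at once and the result then depends on how the enum members happen to be numbered. Testing the bits directly (is Tls12 or anything newer set?) states the intent and does not rely on that ordering. The check also reads only the process-wide setting and uses `e` just as the inner exception, so with TLS 1.1 configured every WebException, whatever its cause, is reported as a TLS problem; the message's "appears to" hedges this, but the summary comment should say so as well. `<param name="e"></param>` is empty, and per the review thread above the doc block is to be removed for this internal helper anyway.
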
23 changes: 23 additions & 0 deletions OpenTokTest/OpenTokTest.cs
Expand Up @@ -10,6 +10,7 @@
using OpenTokSDK;
using OpenTokSDK.Util;
using OpenTokSDK.Exception;
using System.Net;

namespace OpenTokSDKTest
{
Expand All @@ -24,6 +25,28 @@ public void InitializationTest()
var opentok = new OpenTok(apiKey, apiSecret);
Assert.IsType<OpenTok>(opentok);
}

[Theory]
[InlineData(SecurityProtocolType.Tls11)]
[InlineData(SecurityProtocolType.Tls12)]
[InlineData((SecurityProtocolType)0)]
public void CreateSessionFailedDueToTLS(SecurityProtocolType protocolType)
{
ServicePointManager.SecurityProtocol = protocolType;
var e = new WebException("Test Exception");
try
{
OpenTokUtils.ValidateTlsVersion(e);
Assert.NotEqual(SecurityProtocolType.Tls11, protocolType);
}
catch(OpenTokWebException ex)
{
Assert.Equal("Error with request submission.\nThis application appears to not support TLS1.2.\nPlease enable TLS 1.2 and try again.", ex.Message);
Assert.Equal(SecurityProtocolType.Tls11, protocolType);

}

}

// TODO: all create session and archive tests should verify the HTTP request body
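
Review bot: `ServicePointManager.SecurityProtocol = protocolType;` in CreateSessionFailedDueToTLS changes a process-wide static and never puts it back, so whichever InlineData case runs last decides the TLS setting for every test that runs after it in the same process. Save the previous value before the assignment and restore it in a finally block. The try/catch with an assertion in each branch is also hard to follow: the case that is expected to throw would read more clearly as `Assert.Throws<OpenTokWebException>` in its own test, with the non-throwing cases kept separate. There is no case for a combined value such as Tls11 | Tls12, which is the kind of value the README change in this PR produces, and the test name mentions CreateSession although no session is created.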

6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -262,6 +262,12 @@ The OpenTok .NET SDK requires .NET Framework 4.5.2 or greater.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
```

Alternatively, if your application is dependant on a different version of TLS for other APIs, you can alternatively add TLS to the list of supported methods with a bitwise OR:

```
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
```

## Release Notes

See the [Releases](https://github.com/opentok/opentok-.net-sdk/releases) page for details
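
Review bot: The added README sentence uses "Alternatively" twice ("Alternatively, if ... you can alternatively add"), spells "dependent" as "dependant", and says "add TLS to the list" where it means TLS 1.2. Suggested wording: "If your application depends on a different version of TLS for other APIs, you can instead add TLS 1.2 to the list of supported protocols with a bitwise OR:".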