Kestrel Override Client Cert Validation #11423
Conversation
mikaelm12
requested review from
analogrelay,
halter73,
jkotalik and
Tratcher
as code owners
|
Updated after speaking to @halter73 offline |
src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs
Outdated
Show resolved
Hide resolved
| @@ -76,6 +77,14 @@ public HttpsConnectionAdapterOptions() | |||
| /// </summary> | |||
| public bool CheckCertificateRevocation { get; set; } | |||
|
|
|||
| /// <summary> | |||
| /// Overrides the current <see cref="ClientCertificateValidation"/> callback and allows any client certificate. | |||
There was a problem hiding this comment.
👍 For the doc comment saying exactly what it does, not just the net result.
| /// </summary> | ||
| public void AllowAnyClientCertificate() | ||
| { | ||
| ClientCertificateValidation = (_, __, ___) => true; |
There was a problem hiding this comment.
I wonder when is C# going to start allowing (_, _, _)? Maybe that'd be too breaking for reasons I don't fully realize.
There was a problem hiding this comment.
Yeah, that's a feature that I definitely want.
| @@ -1,4 +1,4 @@ | |||
| // Copyright (c) .NET Foundation. All rights reserved. | |||
| // Copyright (c) .NET Foundation. All rights reserved. | |||
|
This comment was made automatically. If there is a problem contact [email protected]. I've triaged the above build. I've created/commented on the following issue(s) |
|
This comment was made automatically. If there is a problem contact [email protected]. I've triaged the above build. I've created/commented on the following issue(s) |
ghost
deleted the
amcasey
added
the
area-networking
Fixes: #10351
Adding an option to accept any client certificate.
Roast me.