Skip to content

[Kestrel] Certificate chains support #23623

New issue
New issue
Closed
Closed
[Kestrel] Certificate chains support#23623
Assignees
davidfowl
Labels
affected-fewThis issue impacts only small number of customersarea-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsenhancementThis issue represents an ask for new feature or an enhancement to an existing onefeature-kestrelseverity-minorThis label is used by an internal tool
Milestone
 
Test failures
@javiercn

Description

@javiercn
javiercn
opened on Jul 2, 2020

Right now Kestrel supports loading certificates from PFX files and PEM files, but it only loads one certificate.

  • That forces the certificate chains to be resolved within the SSL stream which require going to the network to resolve the chain.
  • There are new APIs on SslStream to provide the chain as well as the certificate to use that avoid having to fetch the chain from the network.
  • We want to load entire certificate chains from PFX and PEM certificate files to pass them directly to SslStream and avoid having to resolve the chain.

Metadata

Metadata

Assignees

Labels

affected-fewThis issue impacts only small number of customersarea-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractionsenhancementThis issue represents an ask for new feature or an enhancement to an existing onefeature-kestrelseverity-minorThis label is used by an internal tool

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions