Skip to content

Make Kestrel config case-insensitive for certificates #23268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
2 commits merged into from
Jun 24, 2020
Merged

Make Kestrel config case-insensitive for certificates #23268

2 commits merged into from
Jun 24, 2020

Conversation

wtgodbe
Copy link
Member

@wtgodbe wtgodbe commented Jun 23, 2020

Attempts to resolve #21494

@ghost ghost added the area-servers label Jun 23, 2020
wtgodbe
wtgodbe commented Jun 23, 2020
View reviewed changes
src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs Outdated
}
}
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test fails without the change to ConfigurationReader.cs

BrennanConroy
BrennanConroy approved these changes Jun 23, 2020
View reviewed changes
Copy link
Member

@BrennanConroy BrennanConroy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a test that multiple certs with the same name throws?
"Development" vs "DEVELOPMENT"

Tratcher
Tratcher reviewed Jun 23, 2020
View reviewed changes
src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs Outdated
@@ -253,6 +253,38 @@ public void ConfigureEndpointDevelopmentCertificateGetsLoadedWhenPresent()
}
}

[Fact]
public void ConfigureEndpointDevelopmentCertificateIsCaseInsensitive()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the change was in ConfigurationReader, you can probobly write a more targeted test in ConfigurationReaderTests. That would let you avoid some of this overhead like writing a cert to file.
https://github.com/dotnet/aspnetcore/blob/fa20111e47774b6c08f82a1f0c6373cc30e99a83/src/Servers/Kestrel/Kestrel/test/ConfigurationReaderTests.cs

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea. I try to avoid file I/O (or really any I/O) in Kestrel tests if at all possible.

wtgodbe
wtgodbe commented Jun 23, 2020
View reviewed changes
src/Servers/Kestrel/Kestrel/test/ConfigurationReaderTests.cs
new KeyValuePair<string, string>("Certificates:FILECERT:Password", "certpassword"),
}).Build());

Assert.Contains("An item with the same key has already been added", exception.Message);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This string is in Kestrel/Core/src/CoreStrings.resx - would it better to add a reference to that resource file to the .csproj?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CoreStrings is already InternalsVisibleTo to this project you just need to add a using for Microsoft.AspNetCore.Server.Kestrel.Core.

@wtgodbe
Copy link
Member Author

wtgodbe commented Jun 23, 2020

Updated

halter73
halter73 reviewed Jun 24, 2020
View reviewed changes
src/Servers/Kestrel/Kestrel/test/ConfigurationReaderTests.cs
var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
{
new KeyValuePair<string, string>("Certificates:filecert:Path", "/path/cert.pfx"),
new KeyValuePair<string, string>("Certificates:FILECERT:Password", "certpassword"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should still pass if the entire key is UPPERCASE, right? I know this PR only changes the dictionary comparer, but I see no reason not to verify the rest of it case insensitive while we're at it.

@ghost
Copy link

ghost commented Jun 24, 2020

Hello @davidfowl!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit e344694 into master Jun 24, 2020
@ghost ghost deleted the wtgodbe/KestrelCase branch June 24, 2020 06:40
@wtgodbe wtgodbe mentioned this pull request Jun 24, 2020
Merged
@Tratcher Tratcher added this to the 5.0.0-preview8 milestone Jun 24, 2020
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@halter73 halter73 halter73 approved these changes

@Tratcher Tratcher Tratcher approved these changes

@BrennanConroy BrennanConroy BrennanConroy approved these changes

@javiercn javiercn Awaiting requested review from javiercn

@jkotalik jkotalik Awaiting requested review from jkotalik

Assignees
No one assigned
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
Projects
None yet
Milestone
5.0.0-preview8
Development

Successfully merging this pull request may close these issues.

Kestrel config should be case insensitive
6 participants
@wtgodbe @halter73 @Tratcher @BrennanConroy @davidfowl @amcasey