Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avoid allocation of SafeFreeSslCredentials and SafeDeleteSslContext on Linux #69527

Merged
merged 22 commits into from
Aug 15, 2022
Merged

avoid allocation of SafeFreeSslCredentials and SafeDeleteSslContext on Linux #69527

merged 22 commits into from
Aug 15, 2022

Conversation

wfurt
Copy link
Member

@wfurt wfurt commented May 18, 2022

SafeFreeSslCredentials really have no meaning on Linux (unlike Schannel) and we simple drag copy of some properties from sslAuthenticationOptions. The only difference is that we carte copy of certificates handle and key early so it would probably work even if disposed. I moved existing code to AllocateSslContext and we will get the handles when we carte the TLS session.

SafeDeleteSslContext is basically wrapper that only stores reference to another SafeHandle. To avoid that, I made SafeSslHandle subclass from SafeDeleteSslContext so I can use single object. There may be better way to do it. For one, I was thinking about actually merging but the benefits seems same and it would be much bigger change.

@wfurt wfurt added area-System.Net.Security os-linux Linux OS (any supported distro) labels May 18, 2022
@wfurt wfurt requested review from stephentoub and a team May 18, 2022 23:50
@wfurt wfurt self-assigned this May 18, 2022
@ghost
Copy link

ghost commented May 18, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

SafeFreeSslCredentials really have no meaning on Linux (unlike Schannel) and we simple drag copy of some properties from sslAuthenticationOptions. The only difference is that we carte copy of certificates handle and key early so it would probably work even if disposed. I moved existing code to AllocateSslContext and we will get the handles when we carte the TLS session.

SafeDeleteSslContext is basically wrapper that only stores reference to another SafeHandle. To avoid that, I made SafeSslHandle subclass from SafeDeleteSslContext so I can use single object. There may be better way to do it. For one, I was thinking about actually merging but the benefits seems same and it would be much bigger change.

Author: wfurt
Assignees: wfurt
Labels:

area-System.Net.Security, os-linux
Milestone: -

@wfurt wfurt mentioned this pull request May 19, 2022
Merged
@rzikm rzikm mentioned this pull request May 24, 2022
Merged
stephentoub
stephentoub reviewed May 31, 2022
View reviewed changes
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs Outdated

using (SafeX509Handle certHandle = Interop.Crypto.X509UpRef(cert.Handle))
{
SetSslCertificate(contextPtr, certHandle, certKeyHandle);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens to certKeyHandle after this SetSslCertificate call?

@wfurt
Copy link
Member Author

wfurt commented Jun 8, 2022

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@wfurt wfurt mentioned this pull request Jun 29, 2022
Closed
@wfurt wfurt mentioned this pull request Jul 1, 2022
Merged
@wfurt
Copy link
Member Author

wfurt commented Jul 1, 2022

This is ready for another pass @stephentoub.

This was referenced Jul 21, 2022
Open
Closed
stephentoub
stephentoub reviewed Aug 4, 2022
View reviewed changes
Copy link
Member

@stephentoub stephentoub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly looks good, but some SafeHandle-related issues to be addressed before it can be merged.

@wfurt
Copy link
Member Author

wfurt commented Aug 14, 2022

I made updates to address comments @stephentoub. Can you please take another look?

@wfurt @stephentoub
Apply suggestions from code review
2e7c5f3 
Co-authored-by: Stephen Toub <stoub@microsoft.com>
@wfurt wfurt merged commit 3af3e80 into dotnet:main Aug 15, 2022
@wfurt wfurt deleted the sslContext branch August 15, 2022 23:09
@runfoapp runfoapp bot mentioned this pull request Aug 16, 2022
Closed
@karelz karelz added this to the 7.0.0 milestone Aug 22, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Sep 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs left review comments

@stephentoub stephentoub stephentoub approved these changes

Assignees

@wfurt wfurt

Labels
area-System.Net.Security os-linux Linux OS (any supported distro)
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@wfurt @stephentoub @bartonjs @karelz