|
5 | 5 | // |
6 | 6 | // It takes approx 5 miiliSec to lookup and obtain the certificate from local certificate store, |
7 | 7 | // unless the Store itself is handled as singleton and never closed during process lifetime. |
8 | | -// |
9 | 8 | // X509CertificateCache can be used to cache and re-use the certs. |
10 | | -// This is NOT a secrity issue, as the process has access to the certificate in the store. |
11 | | -// If given process do not have access to the certificate, it won't reach the cache in the first place. |
12 | 9 | // |
13 | 10 | // Using the X509 certificate instance: |
14 | 11 | // Use the cache ONLY IF you absolutely know how you are using the X509Certificate2 instance. |
|
21 | 18 | // |
22 | 19 | // Is this thread-safe? |
23 | 20 | // The X509CertificateCache maintains per-thread-cache. |
24 | | -// Each thread has its own instance of the cache and the cached versions of the X509 certificate. |
| 21 | +// Each thread has its own instance of the cache and corresponding cached versions of the X509 certificate. |
25 | 22 | // The cache is as thread-safe as the X509Certificate instance itself. |
26 | 23 | // The cache can't prevent you from passing the certificate instances in an async call, crossing thread boundary. |
27 | 24 | // If you are concerned about thread safety, do not pass the certifcates across async-call boundaries. |
28 | | -// For threadsafety of X509Certificate2 related operations, refer Microsoft documentation. |
| 25 | +// For thread safety of X509Certificate2 related operations, refer Microsoft documentation. |
29 | 26 | // |
30 | 27 | // How about server-restart on certificate changes? |
31 | 28 | // The ONLY option supported by the cache is lookup by thumbprint. |
32 | 29 | // The cache doesn't support lookup by other properties that may change, such as SubjectName. |
33 | 30 | // The thumbprint is a digital fingerprint for specific certificate instance. |
34 | | -// Also, the certificates are cached based on StoreName and StoreLocation to avoid ambuguity. |
35 | | -// Certs identified by thumbprint can't change for life-time, without change to the thumbprint itself. |
36 | | -// In general, you should not have to to re-start the server after adding/updating certificate. |
| 31 | +// In addition, the certificates are cached based on StoreName and StoreLocation to avoid ambiguity. |
| 32 | +// Certs identified by thumbprint can be treated immutable, as any change in certificate info would result in a new thumbprint. |
| 33 | +// In general, you should not have to re-start the server after adding/updating certificate. |
37 | 34 | // DELETING a certificate might require a restart if the certificate is already cached. |
38 | | -// Stop using the old thumbprint to avoid restart. |
39 | | -// Another case is, if the permission to a certificate was revoked to the process, after it was already cached. |
40 | 35 | // |
41 | 36 | // As with any other library, read-and-understand the code before using. |
42 | 37 | // |
|
0 commit comments