Accessing Kestrel state in ServerOptionsSelectionCallback


In 5.0 we added the following API so users could customize TLS settings on a per connection basis: https://github.com/dotnet/aspnetcore/blob/52eff90fbcfca39b7eb58baad597df6a99a542b0/src/Servers/Kestrel/Core/src/ListenOptionsHttpsExtensions.cs#L257

This directly exposes SslStream’s ServerOptionsSelectionCallback delegate. The problem we’re running into now is that customers need access to Kestrel-specific state inside that callback, like the ConnectionContext, transport information (IPs), enabling/disabling client cert renegotiation, etc.

There is an internal API used by the config code that wraps ServerOptionsSelectionCallback and exposes the ConnectionContext. https://github.com/dotnet/aspnetcore/blob/52eff90fbcfca39b7eb58baad597df6a99a542b0/src/Servers/Kestrel/Core/src/ListenOptionsHttpsExtensions.cs#L275

That API isn’t very future-proof; I’m already having to modify it for client certs (https://github.com/dotnet/aspnetcore/pull/33264). Modifying it to take a specific context object might be more future-proof.

updated

+ public static ListenOptions UseHttps(this ListenOptions listenOptions, HttpsConnectionMiddlewareOptions options);

+ public class HttpsConnectionMiddlewareOptions
+ {
+   public Func<TlsCallbackContext, ValueTask<SslServerAuthenticationOptions>> OnConnection { get; set; } // Required
+   public object? OnConnectionState { get; set; }
+   public TimeSpan HandshakeTimeout { get; set; } = (our default)
+ }
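
Review bot: `OnConnection` in `HttpsConnectionMiddlewareOptions` is marked `// Required` but has a public setter and the type has no constructor, so nothing in the shape shown stops a caller from passing an instance with it unset. Either take it as a constructor argument or state that `UseHttps` throws when it is null. `HandshakeTimeout` is initialised to the placeholder `(our default)`; put the actual value in the proposal so the default can be reviewed.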

+ public sealed class TlsCallbackContext
+ {
+   // ServerOptionsSelectionCallback parameters
+   public SslStream SslStream { get; }
+   public SslClientHelloInfo ClientHelloInfo { get; }
+   public object? State { get; }
+   public CancellationToken CancellationToken { get; }
+   // Kestrel specific
+   public ConnectionContext Connection { get; }
+   public bool AllowDelayedClientCertificateNegotation { get; set; }
+ }
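
Review bot: `AllowDelayedClientCertificateNegotation` in `TlsCallbackContext` is misspelled (`Negotation` for `Negotiation`); correct it before the name becomes public API. It is also the only settable member on an otherwise read-only context, so document its default value and the point at which the value is read.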

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

Tratcher commented, Jun 18, 2021 (1 reaction)

Like this?

+ public static ListenOptions UseHttps(this ListenOptions listenOptions, HttpsConnectionMiddlewareOptions options);

+ public class HttpsConnectionMiddlewareOptions
+ {
+   public Func<TlsCallbackContext, ValueTask<SslServerAuthenticationOptions>> OnConnection { get; set; } // Required
+   public object? OnConnectionState { get; set; }
+   public TimeSpan HandshakeTimeout { get; set; } = (our default)
+ }

+ public sealed class TlsCallbackContext
+ {
+   // ServerOptionsSelectionCallback parameters
+   public SslStream SslStream { get; }
+   public SslClientHelloInfo ClientHelloInfo { get; }
+   public object? State { get; }
+   public CancellationToken CancellationToken { get; }
+   // Kestrel specific
+   public ConnectionContext Connection { get; }
+   public bool AllowDelayedClientCertificateNegotation { get; set; }
+ }

pranavkm commented, Jun 21, 2021 (0 reactions)

+ public sealed class TlsHandshakeCallbackOptions
+ {
+   public TlsHandshakeCallbackOptions(Func<TlsCallbackContext, ValueTask<SslServerAuthenticationOptions>> onConnection);
+   public Func<TlsCallbackContext, ValueTask<SslServerAuthenticationOptions>> OnConnection { get; }
+   public object? OnConnectionState { get; set; }
+   public TimeSpan HandshakeTimeout { get; set; } = (our default)
+ }

+ public sealed class TlsHandshakeCallbackContext
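
Review bot: the `onConnection` constructor parameter and the `OnConnection` property of `TlsHandshakeCallbackOptions` are still typed as `Func<TlsCallbackContext, ...>`, while the context class declared below is named `TlsHandshakeCallbackContext`. Use the renamed type in both signatures so the proposal is self-consistent. `HandshakeTimeout` also still carries the `(our default)` placeholder.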
Read more comments on GitHub >
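
An added example, not code from the issue or the ASP.NET Core repository: a per-connection TLS callback that reads Kestrel connection state (the remote endpoint) alongside the ClientHello. It assumes .NET 6 or later with the Web SDK's implicit usings, and assumes `TlsHandshakeCallbackOptions` has a settable `OnConnection` and no constructor argument, which differs from the constructor variant proposed above; the host names, certificate paths, port and loopback policy are hypothetical.

```csharp
using System.Net;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;

// Constructed sample data: SNI host name -> certificate. Names and paths are hypothetical.
var certsByHost = new Dictionary<string, X509Certificate2>(StringComparer.OrdinalIgnoreCase)
{
    ["api.example.test"] = new X509Certificate2("certs/api.pfx"),
    ["admin.example.test"] = new X509Certificate2("certs/admin.pfx"),
};

var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(kestrel => kestrel.ListenAnyIP(8443, listen =>
    listen.UseHttps(new TlsHandshakeCallbackOptions
    {
        OnConnectionState = certsByHost,              // surfaced to the callback as ctx.State
        HandshakeTimeout = TimeSpan.FromSeconds(10),  // bound slow or stalled handshakes
        OnConnection = ctx =>
        {
            var certs = (Dictionary<string, X509Certificate2>)ctx.State!;

            // Fail closed: no default certificate for a missing or unknown SNI name.
            var sni = ctx.ClientHelloInfo.ServerName;
            if (string.IsNullOrEmpty(sni) || !certs.TryGetValue(sni, out var cert))
                throw new AuthenticationException("TLS handshake rejected: unknown SNI host name.");

            // Kestrel-specific state: the transport's remote endpoint.
            var ip = (ctx.Connection.RemoteEndPoint as IPEndPoint)?.Address;
            if (ip is { IsIPv4MappedToIPv6: true }) ip = ip.MapToIPv4();
            var isLoopback = ip is not null && IPAddress.IsLoopback(ip);

            // Spelling follows the property as declared on this page. Keeping it false
            // means the certificate is requested during the handshake, not later.
            ctx.AllowDelayedClientCertificateNegotation = false;

            return new ValueTask<SslServerAuthenticationOptions>(new SslServerAuthenticationOptions
            {
                ServerCertificate = cert,
                EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
                // Policy (hypothetical): mutual TLS for every peer except loopback.
                ClientCertificateRequired = !isLoopback,
            });
        },
    })));

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();
```

With no `RemoteCertificateValidationCallback` set, a required client certificate is checked by `SslStream`'s default chain validation, so a missing or untrusted certificate fails the handshake.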