Introduce ListenOptions.GetServerCertificate


Background and Motivation

The original fix for #45801 had to be rolled back because it broke an internal partner that depended on UseHttps failing fast in the absence of a certificate. Rather than having them continue to rely on the behavior (which we want to change), we should introduce an API that allows them to check for certificates explicitly (originally requested in #28120).

Proposed API

See #48054

namespace Microsoft.AspNetCore.Hosting;

public static class ListenOptionsHttpsExtensions
{
+    /// <summary>
+    /// Retrieve the server certificate, if any, for an endpoint; otherwise, throw.
+    /// Should not be called before the configuration is loaded, if there is one.
+    /// </summary>
+    /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
+    /// <returns>The server certificate for this endpoint.</returns>
+    /// <exception cref="InvalidOperationException">If there is no server certificate for this endpoint.</exception>
+    /// <exception cref="InvalidOperationException">If there is a configuration and it has not been loaded.</exception>
+    public static X509Certificate2 GetServerCertificate(this ListenOptions listenOptions)
}
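
Review bot: both <exception> entries on GetServerCertificate name InvalidOperationException, so a caller cannot tell "no server certificate for this endpoint" apart from "configuration has not been loaded" by type and would have to match on the message text. Consider a distinct exception type for one of the two cases, or state in the summary how callers are expected to distinguish them. Separately, the <param name="listenOptions"> text says "to configure", while the summary describes a method that only retrieves a certificate; "to inspect" would match the behaviour described.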

Usage Examples

webHostBuilder
    .UseKestrel(options =>
    {
        options.Configure(/* ... */);
        options.ConfigurationLoader.Load();

        options.Listen(IPAddress.Loopback, 5000, listenOptions =>
        {
            // No HTTPS
        });

        try
        {
            options.Listen(IPAddress.Loopback, 5001, listenOptions =>
            {
                listenOptions.GetServerCertificate();
                listenOptions.UseHttps();
            });
        }
        catch
        {
            Console.WriteLine("No https");
        }
    })

Alternative Designs

We could have gone with TryGet but our partner expressed a preference for getting an explanatory exception message. We could have made UseHttps fail eagerly, but that would have introduced a lot of complexity, chiefly around handling configuration changes between UseHttps and bind-time.

Risks

It’s a little wonky that you have to explicitly load the configuration yourself, but this is a very niche scenario.

Issue Analytics

  • State: closed
  • Created 5 months ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
Tratcher commented, May 3, 2023

> We could have gone with TryGet but our partner expressed a preference for getting an explanatory exception message.

The implementation only throws NoCertSpecifiedNoDevelopmentCertificateFound, that doesn’t seem like meaningful information, or are there other exceptions that could be thrown here?

Here’s the usage I’d like to see:

webHostBuilder
    .UseKestrel(options =>
    {
        options.Configure(/* ... */);
        options.ConfigurationLoader.Load();

        options.Listen(IPAddress.Loopback, 5000, listenOptions =>
        {
            // No HTTPS
        });

        if (options.CheckForDefaultHttpsCert())
        {
            options.Listen(IPAddress.Loopback, 5001, listenOptions =>
            {
                listenOptions.UseHttps();
            });
        }
        else
        {
            Console.WriteLine("No https");
        }
    })

0 reactions
amcasey commented, May 8, 2023

We’re going to try to fix things without a new API.
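
An explicit certificate check written only with APIs that already exist, as an added example that is not code from the issue or from the ASP.NET Core project: it resolves a certificate up front and binds the HTTPS endpoint only when one was found. Assumptions: the certificate sits in the CurrentUser/My store with the subject name "localhost", the ports mirror the usage examples above, and Kestrel's configured default certificate is not consulted.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;

// Assumption: subject name of the server certificate in the CurrentUser/My store.
const string SubjectName = "localhost";

// Returns a usable server certificate, or null when none is installed.
static X509Certificate2? FindServerCertificate(string subjectName)
{
    using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    // FindBySubjectName is a substring match; validOnly: true drops
    // expired, not-yet-valid and untrusted certificates.
    var matches = store.Certificates.Find(
        X509FindType.FindBySubjectName, subjectName, validOnly: true);

    foreach (var cert in matches)
    {
        // A certificate without its private key cannot serve TLS.
        if (cert.HasPrivateKey) return cert;
    }
    return null;
}

var builder = WebApplication.CreateBuilder(args);
var certificate = FindServerCertificate(SubjectName);

builder.WebHost.UseKestrel(options =>
{
    options.Listen(IPAddress.Loopback, 5000); // No HTTPS

    if (certificate is not null)
    {
        // Passing the certificate explicitly removes the deferred default lookup.
        options.Listen(IPAddress.Loopback, 5001,
            listenOptions => listenOptions.UseHttps(certificate));
    }
    else
    {
        Console.WriteLine("No https");
    }
});

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();
```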
