From 200549ebd429ac15b6bbb06ec462ed5c789d969e Mon Sep 17 00:00:00 2001 From: John Luo Date: Wed, 17 Jun 2020 17:15:46 -0700 Subject: [PATCH 1/5] Fix Windows 7 Kestrel tests --- .azure/pipelines/ci.yml | 2 +- .../HttpsConnectionMiddlewareTests.cs | 24 +++++++++---------- .../InMemory.FunctionalTests/HttpsTests.cs | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index 51ce25fea8b9..324e193378e2 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -608,7 +608,7 @@ stages: - script: ./build.cmd -ci -nobl -noBuildRepoTasks -restore -noBuild -noBuildNative -projects src/Grpc/**/*.csproj displayName: Restore interop projects - script: ./build.cmd -ci -nobl -noBuildRepoTasks -noRestore -test -all -noBuildNative -projects eng\helix\helix.proj - /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true + /p:IsHelixDaily=true /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true /p:ASPNETCORE_TEST_LOG_DIR=artifacts/log displayName: Run build.cmd helix target env: diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs index 44b8b50039d6..e127720e2782 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs @@ -142,7 +142,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); } } @@ -172,7 +172,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -207,14 +207,14 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2NoExt)); Assert.Equal(2, selectorCalled); } @@ -274,7 +274,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -340,7 +340,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) // HttpClient might not send the certificate because it is invalid or it doesn't match any // of the certificate authorities sent by the server in the SSL handshake. var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, true); } } @@ -417,7 +417,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, true); Assert.True(clientCertificateValidationCalled); } @@ -444,7 +444,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, false); } } @@ -469,7 +469,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, false); } } @@ -494,7 +494,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, true); } } @@ -528,7 +528,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.Tls12 | SslProtocols.Tls11, false); + await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); await AssertConnectionResult(stream, true); } } @@ -609,7 +609,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) var sslOptions = new SslClientAuthenticationOptions { TargetHost = "localhost", - EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11, + EnabledSslProtocols = SslProtocols.None, ApplicationProtocols = new List { SslApplicationProtocol.Http11, SslApplicationProtocol.Http2 }, }; diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs index 6ed69bcc1221..6bc446f97c0e 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs @@ -415,7 +415,7 @@ public async Task OnAuthenticate_SeesOtherSettings() using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null, - enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12, + enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false); } } @@ -454,7 +454,7 @@ public async Task OnAuthenticate_CanSetSettings() using (var sslStream = new SslStream(connection.Stream, true, (sender, certificate, chain, errors) => true)) { await sslStream.AuthenticateAsClientAsync("127.0.0.1", clientCertificates: null, - enabledSslProtocols: SslProtocols.Tls11 | SslProtocols.Tls12, + enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false); } } From a06979ca0840ef45334678f70622a56e276f7e91 Mon Sep 17 00:00:00 2001 From: John Luo Date: Thu, 18 Jun 2020 01:16:21 -0700 Subject: [PATCH 2/5] Feedback --- .../HttpsConnectionMiddlewareTests.cs | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs index e127720e2782..fe0b8dae14fd 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs @@ -142,7 +142,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); } } @@ -172,7 +172,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -207,14 +207,14 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2NoExt)); Assert.Equal(2, selectorCalled); } @@ -274,7 +274,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStream(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); Assert.True(stream.RemoteCertificate.Equals(_x509Certificate2)); Assert.Equal(1, selectorCalled); } @@ -340,7 +340,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) // HttpClient might not send the certificate because it is invalid or it doesn't match any // of the certificate authorities sent by the server in the SSL handshake. var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } @@ -417,7 +417,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); Assert.True(clientCertificateValidationCalled); } @@ -444,7 +444,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, false); } } @@ -469,7 +469,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, false); } } @@ -494,7 +494,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } @@ -528,7 +528,7 @@ void ConfigureListenOptions(ListenOptions listenOptions) using (var connection = server.CreateConnection()) { var stream = OpenSslStreamWithCert(connection.Stream); - await stream.AuthenticateAsClientAsync("localhost", new X509CertificateCollection(), SslProtocols.None, false); + await stream.AuthenticateAsClientAsync("localhost"); await AssertConnectionResult(stream, true); } } From 799b85ea8408a7637f7dd29807475935970c9b88 Mon Sep 17 00:00:00 2001 From: John Luo Date: Thu, 18 Jun 2020 16:30:44 -0700 Subject: [PATCH 3/5] Update --- .../Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs | 6 ++++-- .../Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs | 2 +- .../Interop.FunctionalTests/HttpClientHttp2InteropTests.cs | 2 +- .../Kestrel/test/Interop.FunctionalTests/Utilities.cs | 6 +++--- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs index 6bc446f97c0e..13bd0d0d19a8 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs @@ -115,7 +115,8 @@ public void ConfigureCertSelectorNeverLoadsDefaultCert() Assert.Null(serverOptions.DefaultCertificate); } - [Fact] + [ConditionalFact] + [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/22917", Queues = "Windows.7.Amd64.Open")] public async Task EmptyRequestLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); @@ -142,7 +143,8 @@ public async Task EmptyRequestLoggedAsDebug() userMessage: string.Join(Environment.NewLine, loggerProvider.ErrorLogger.ErrorMessages)); } - [Fact] + [ConditionalFact] + [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/22917", Queues = "Windows.7.Amd64.Open")] public async Task ClientHandshakeFailureLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs index eb7a95a2281d..d7ea94abdd4a 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/H2SpecTests.cs @@ -55,7 +55,7 @@ public static TheoryData H2SpecTestCases var dataset = new TheoryData(); var toSkip = new string[] { /*"http2/5.1/8"*/ }; - var supportsAlpn = Utilities.CurrentPlatformSupportsAlpn(); + var supportsAlpn = Utilities.CurrentPlatformSupportsHTTP2OverTls(); foreach (var testcase in H2SpecCommands.EnumerateTestCases()) { diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs index b12740a1a43d..fcf32c1cd674 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/HttpClientHttp2InteropTests.cs @@ -42,7 +42,7 @@ public static IEnumerable SupportedSchemes new[] { "http" } }; - if (Utilities.CurrentPlatformSupportsAlpn()) + if (Utilities.CurrentPlatformSupportsHTTP2OverTls()) { list.Add(new[] { "https" }); } diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs index db41d1e1b40f..d2e2ce85a4d2 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/Utilities.cs @@ -7,10 +7,10 @@ namespace Interop.FunctionalTests { internal static class Utilities { - internal static bool CurrentPlatformSupportsAlpn() + internal static bool CurrentPlatformSupportsHTTP2OverTls() { - return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support" - new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win81).IsMet + return // "Missing Windows ALPN support: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation#Support" or missing compatible ciphers (Win8.1) + new MinimumOSVersionAttribute(OperatingSystems.Windows, WindowsVersions.Win10).IsMet // "Missing SslStream ALPN support: https://github.com/dotnet/corefx/issues/30492" && new OSSkipConditionAttribute(OperatingSystems.MacOSX).IsMet // Debian 8 uses OpenSSL 1.0.1 which does not support ALPN From a5362432757e7cc502fd18c2c88958c828dd54a0 Mon Sep 17 00:00:00 2001 From: John Luo Date: Thu, 18 Jun 2020 18:44:30 -0700 Subject: [PATCH 4/5] Test fails on Win81 as well --- .../Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs index 13bd0d0d19a8..4849965c4069 100644 --- a/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs +++ b/src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsTests.cs @@ -116,7 +116,7 @@ public void ConfigureCertSelectorNeverLoadsDefaultCert() } [ConditionalFact] - [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/22917", Queues = "Windows.7.Amd64.Open")] + [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917 public async Task EmptyRequestLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); @@ -144,7 +144,7 @@ public async Task EmptyRequestLoggedAsDebug() } [ConditionalFact] - [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/22917", Queues = "Windows.7.Amd64.Open")] + [MinimumOSVersion(OperatingSystems.Windows, WindowsVersions.Win10)] // Investigation: https://github.com/dotnet/aspnetcore/issues/22917 public async Task ClientHandshakeFailureLoggedAsDebug() { var loggerProvider = new HandshakeErrorLoggerProvider(); From 37d401724fad912d42045a7ddc15785521526be0 Mon Sep 17 00:00:00 2001 From: John Luo Date: Thu, 18 Jun 2020 20:52:26 -0700 Subject: [PATCH 5/5] Update ci.yml --- .azure/pipelines/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azure/pipelines/ci.yml b/.azure/pipelines/ci.yml index 324e193378e2..51ce25fea8b9 100644 --- a/.azure/pipelines/ci.yml +++ b/.azure/pipelines/ci.yml @@ -608,7 +608,7 @@ stages: - script: ./build.cmd -ci -nobl -noBuildRepoTasks -restore -noBuild -noBuildNative -projects src/Grpc/**/*.csproj displayName: Restore interop projects - script: ./build.cmd -ci -nobl -noBuildRepoTasks -noRestore -test -all -noBuildNative -projects eng\helix\helix.proj - /p:IsHelixDaily=true /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true + /p:IsRequiredCheck=true /p:IsHelixJob=true /p:BuildInteropProjects=true /p:RunTemplateTests=true /p:ASPNETCORE_TEST_LOG_DIR=artifacts/log displayName: Run build.cmd helix target env: