feat: add handshake Exception on ITlsHandshakeFeature#65807
feat: add handshake Exception on ITlsHandshakeFeature#65807DeagleGross merged 7 commits intodotnet:mainfrom
Exception on ITlsHandshakeFeature#65807Conversation
github-actions
Bot
added
the
area-networking
DeagleGross
changed the title
HandshakeException on ITlsHandshakeFeatureException on ITlsHandshakeFeature
DeagleGross
changed the title
Exception on ITlsHandshakeFeatureException on ITlsHandshakeFeature
There was a problem hiding this comment.
Pull request overview
This PR adds a new Exception property to ITlsHandshakeFeature so middleware can inspect TLS handshake failures, and updates Kestrel’s HttpsConnectionMiddleware to populate it (including snapshotting SslStream-backed properties before disposal).
Changes:
- Add
ITlsHandshakeFeature.Exception(default interface member) as a new approved API surface. - Populate the handshake exception in
HttpsConnectionMiddlewareon handshake failures and snapshot TLS-related properties beforeSslStreamdisposal. - Add functional tests validating
Exceptionis set on handshake failure/timeout and remains null on success; update sample to demonstrate usage.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Servers/Kestrel/test/InMemory.FunctionalTests/HttpsConnectionMiddlewareTests.cs | Adds coverage for handshake exception + post-failure feature access patterns (with some flakiness risks). |
| src/Servers/Kestrel/samples/SampleApp/Startup.cs | Demonstrates reading ITlsHandshakeFeature.Exception after handshake completion. |
| src/Servers/Kestrel/Core/src/Middleware/HttpsConnectionMiddleware.cs | Sets feature.Exception on handshake failure and snapshots properties before disposal. |
| src/Servers/Kestrel/Core/src/Internal/TlsConnectionFeature.cs | Adds snapshotting/cached backing fields and an Exception property implementation. |
| src/Servers/Connections.Abstractions/src/PublicAPI/net11.0/PublicAPI.Unshipped.txt | Declares the new public API entry for net11.0. |
| src/Servers/Connections.Abstractions/src/Features/ITlsHandshakeFeature.cs | Introduces the new Exception property (NETCOREAPP) with a default implementation. |
dotnet-policy-service
Bot
added
the
pending-ci-rerun
| #endif | ||
| int KeyExchangeStrength { get; } | ||
|
|
||
| #if NET11_0_OR_GREATER |
There was a problem hiding this comment.
I think we should be consistent with the other #if's assuming the only goal is to leave this out of netstandard where we don't have DIMs.
| #if NET11_0_OR_GREATER | |
| #if NETCOREAPP |
There was a problem hiding this comment.
I tried it, but it is not a way to go, since we target DefaultNetCoreTargetFramework (net11) and CurrentLtsTargetFramework (net10.0) at AspNetCore.Connections.Abstractions.csproj which is distributed as a separate NuGet.
That means if I set #if NETCOREAPP, then I need to change PublicAPI for net10 and "release" this property in net10 version of package as well. I doubt this is what we want.
Let me know what you think!
|
Whoops. I didn't see you had automerge on. I'll quickly approve any fast follow to address my feedback. |
Adding handshake exception on the
ITlsHandshakeFeatureIn order to allow users to get the exception happened during tls handshake, adding new approved API on
ITlsHandshakeFeatureand populating it in theHttpsConnectionMiddleware.Since we now assume
ITlsHandshakeFeaturecan be used after tls handshake failed, and underlyingsslStreammay be disposed (should be actually), I added a way to snapshot all the fields fromsslStreamtoTlsConnectionFeaturebackup-fields, which will be used if set.Note: changed to
NET11_0_OR_GREATERinstead of NETCOREAPP to not make an unintended change in net10Fixes #65758