Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[QUIC] Add support for SslCertificateTrust #73053

Open
rzikm opened this issue Jul 29, 2022 · 3 comments
Open

[QUIC] Add support for SslCertificateTrust #73053

rzikm opened this issue Jul 29, 2022 · 3 comments
Labels
area-System.Net.Quic
Milestone
Future

Comments

@rzikm
Copy link
Member

rzikm commented Jul 29, 2022
edited
Loading

SslStream supports some control over which certificates are to be considered as trusted. See SslStreamCertificateContext.Trust and e.g. #55104.

While we might not be able to force the QUIC TLS backend to send the trusted list as part of TLS handshake, we can still implement the certificate validation part of the above mentioned PR. The prerequisite to that is making the SslStreamCertificateContext.Trust public (Or at least visible to S.N.Q), same for internal members of SslCertificateTrust
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Jul 29, 2022
@rzikm rzikm added area-System.Net.Quic and removed area-System.Net.Security untriaged New issue has not been triaged by the area owner labels Jul 29, 2022
@ghost
Copy link

ghost commented Jul 29, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

SslStream supports some control over which certificates are to be considered as trusted. See SslStreamCertificateContext.Trust and e.g. #55104.

While we might not be able to force the QUIC TLS backend to send the trusted list as part of TLS handshake, we can still implement the certificate validation part of the above mentioned PR. The prerequisite to that is making the SslStreamCertificateContext.Trust public.

Author: rzikm
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@ghost
Copy link

ghost commented Jul 29, 2022

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

SslStream supports some control over which certificates are to be considered as trusted. See SslStreamCertificateContext.Trust and e.g. #55104.

While we might not be able to force the QUIC TLS backend to send the trusted list as part of TLS handshake, we can still implement the certificate validation part of the above mentioned PR. The prerequisite to that is making the SslStreamCertificateContext.Trust public.

Author: rzikm
Assignees: -
Labels:

area-System.Net.Quic
Milestone: -

@rzikm rzikm added this to the Future milestone Jul 29, 2022
@rzikm rzikm added the untriaged New issue has not been triaged by the area owner label Jul 29, 2022
@rzikm
Copy link
Member Author

rzikm commented Jul 29, 2022

Tentatively assigned to Future, this probably is not critical for 7.0 but would be good for consistency.

@jeffschwMSFT jeffschwMSFT removed the untriaged New issue has not been triaged by the area owner label Aug 1, 2022
@ManickaP ManickaP mentioned this issue Apr 4, 2024
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
area-System.Net.Quic
Projects
None yet
Milestone
Future
Development

No branches or pull requests
2 participants
@jeffschwMSFT @rzikm