[QUIC] Fix flags usage on Linux#69874
Conversation
|
Tagging subscribers to this area: @dotnet/ncl Issue Details
|
|
I'm not sure it is needed. My understanding was that the flags may be used on Windows. I did tests on Windows and all tests passes after updating msquic manually. |
|
On Schannel, USE_SUPPLIED_CREDENTIALS forces the client to send an empty |
|
It is unfortunate that the flag is platform specific. It feels like it would be better to ignore it on Linux if Linux can provide same functionality. |
|
|
||
| return Create(options, QUIC_CREDENTIAL_FLAGS.CLIENT | QUIC_CREDENTIAL_FLAGS.USE_SUPPLIED_CREDENTIALS, certificate: certificate, certificateContext: null, options.ClientAuthenticationOptions?.ApplicationProtocols, options.ClientAuthenticationOptions?.CipherSuitesPolicy); | ||
| QUIC_CREDENTIAL_FLAGS flags = QUIC_CREDENTIAL_FLAGS.CLIENT; | ||
| if (OperatingSystem.IsWindows()) |
There was a problem hiding this comment.
as long as .NET doesn't use OpenSSL on Windows, this is fine.
There was a problem hiding this comment.
Do we have any way to query what backend the library uses? Otherwise having the flag produce errors with OpenSSL makes it a bit inconvenient.
There was a problem hiding this comment.
I don't think we have a way to query which crypto library is in use. @ThadHouse @nibanks, do you know of something?
There was a problem hiding this comment.
No, we don't currently expose a way to do this. We could via a global GetParam option easily enough. If you need this @rzikm please open a MsQuic issue for it.
There was a problem hiding this comment.
I still feel that making sure the flag does not break OpenSSL would be better option e.g. less platform code to maintain elsewhere.
There was a problem hiding this comment.
.NET uses the SChannel version on Windows, so unless we care that the user may somehow provide a different dll (possibly built with OpenSSL), then we don't need it.
There was a problem hiding this comment.
We have had asks to support OpenSSL MsQuic on Windows with .NET, so would prefer not to make assumptions of using Schannel on Windows.
There was a problem hiding this comment.
agreed. While we may not support it we may take community contributions. Requirement for S2022 or W11 seems pretty steep for many users.
There was a problem hiding this comment.
We also tie to OperatingSystem.IsWindows() (non) usage of portable certs. I assume that is also rather thing of OpenSSL and following would not work with it:
Unless, I'm mistaken here, I wouldn't put too much effort into distinguishing Windows from SChannel atm.
There was a problem hiding this comment.
I filed microsoft/msquic#2761, it is not urgent, but it would be nice to have it in place when somebody eventually asks for support of OpenSSL-MsQuic on Windows.
|
Failing QUIC test is |
#69603 (comment)
cc @anrossi