Merged
Expand Up @@ -51,7 +51,12 @@ public static SafeMsQuicConfigurationHandle Create(QuicClientConnectionOptions o
}
}

return Create(options, QUIC_CREDENTIAL_FLAGS.CLIENT | QUIC_CREDENTIAL_FLAGS.USE_SUPPLIED_CREDENTIALS, certificate: certificate, certificateContext: null, options.ClientAuthenticationOptions?.ApplicationProtocols, options.ClientAuthenticationOptions?.CipherSuitesPolicy);
QUIC_CREDENTIAL_FLAGS flags = QUIC_CREDENTIAL_FLAGS.CLIENT;
if (OperatingSystem.IsWindows())

As long as .NET doesn't use OpenSSL on Windows, this is fine.

Member

Do we have any way to query what backend the library uses? Otherwise having the flag produce errors with OpenSSL makes it a bit inconvenient.


I don't think we have a way to query which crypto library is in use. @ThadHouse @nibanks, do you know of something?


No, we don't currently expose a way to do this. We could via a global GetParam option easily enough. If you need this @rzikm please open a MsQuic issue for it.

Member

I still feel that making sure the flag does not break OpenSSL would be a better option, e.g. less platform code to maintain elsewhere.

Member

.NET uses the SChannel version on Windows, so unless we care that the user may somehow provide a different dll (possibly built with OpenSSL), then we don't need it.


We have had asks to support OpenSSL MsQuic on Windows with .NET, so would prefer not to make assumptions of using Schannel on Windows.

Member

Agreed. While we may not support it, we may take community contributions. Requirement for S2022 or W11 seems pretty steep for many users.

@ManickaP ManickaP May 26, 2022

Member Author

We also tie to OperatingSystem.IsWindows() (non) usage of portable certs. I assume that is also rather a thing of OpenSSL and the following would not work with it:

if (OperatingSystem.IsWindows())
{
    config.Type = QUIC_CREDENTIAL_TYPE.CERTIFICATE_CONTEXT;
    config.CertificateContext = (void*)certificate.Handle;
    status = MsQuicApi.Api.ApiTable->ConfigurationLoadCredential(configurationHandle.QuicHandle, &config);
}

Unless I'm mistaken here, I wouldn't put too much effort into distinguishing Windows from SChannel atm.

Member

I filed microsoft/msquic#2761, it is not urgent, but it would be nice to have it in place when somebody eventually asks for support of OpenSSL-MsQuic on Windows.

{
flags |= QUIC_CREDENTIAL_FLAGS.USE_SUPPLIED_CREDENTIALS;
}
return Create(options, flags, certificate: certificate, certificateContext: null, options.ClientAuthenticationOptions?.ApplicationProtocols, options.ClientAuthenticationOptions?.CipherSuitesPolicy);
}

public static SafeMsQuicConfigurationHandle Create(QuicOptions options, SslServerAuthenticationOptions? serverAuthenticationOptions, string? targetHost = null)
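
Review bot: The `OperatingSystem.IsWindows()` check that guards `flags |= QUIC_CREDENTIAL_FLAGS.USE_SUPPLIED_CREDENTIALS` is standing in for "MsQuic is using Schannel", and nothing in the hunk says so. Add a comment above the `if` stating that the flag is only set where the TLS backend is assumed to be Schannel, and consider routing the condition through one helper shared with the other Windows-gated credential code, so it can be switched to a backend query if microsoft/msquic#2761 delivers one. As written, an OpenSSL build of MsQuic loaded on Windows would still receive the flag.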