Throws a specific exception when a certificate is needed but not provided #24544
rolfbjarne wants to merge 6 commits into main from
Pull request overview
This PR adds specific exception handling for scenarios where a server requests a client certificate but none is provided by the application. The implementation throws a structured exception chain (HttpRequestException → WebException → AuthenticationException) to help developers detect and handle missing certificate scenarios programmatically.
Changes:
- Modified NSUrlSessionHandler to throw a specific exception when a client certificate is requested but not available
- Added an AppContext switch to allow disabling the new behavior for backward compatibility
- Added two test methods to validate optional and required certificate scenarios
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/Foundation/NSUrlSessionHandler.cs | Adds exception handling logic when client certificate is missing, with AppContext switch for backward compatibility |
| tests/monotouch-test/System.Net.Http/MessageHandlers.cs | Adds two test methods: one for optional certificates (should succeed) and one for required certificates (should throw specific exception) |
💻 [CI Build #df9f7f9] Tests on macOS arm64 - Mac Sequoia (15) passed 💻 ✅ All tests on macOS arm64 - Mac Sequoia (15) passed. Pipeline on Agent
💻 [CI Build #df9f7f9] Tests on macOS M1 - Mac Monterey (12) passed 💻 ✅ All tests on macOS M1 - Mac Monterey (12) passed. Pipeline on Agent
💻 [CI Build #df9f7f9] Tests on macOS X64 - Mac Sonoma (14) passed 💻 ✅ All tests on macOS X64 - Mac Sonoma (14) passed. Pipeline on Agent
💻 [CI Build #df9f7f9] Tests on macOS M1 - Mac Ventura (13) passed 💻 ✅ All tests on macOS M1 - Mac Ventura (13) passed. Pipeline on Agent
💻 [CI Build #df9f7f9] Tests on macOS arm64 - Mac Tahoe (26) passed 💻 ✅ All tests on macOS arm64 - Mac Tahoe (26) passed. Pipeline on Agent
Verifies that when the Foundation.NSUrlSessionHandler.NoMissingCertificateHandling switch is enabled, the specific SecureChannelFailure exception is not thrown. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
df9f7f9 to 4e047fd
- Use challenge.ProposedCredential instead of null for PerformDefaultHandling.
- Fix grammar: 'services uses' -> 'services use'.
- Track listener error state and throw on Failed instead of silently returning a broken listener.
- Dispose ManualResetEventSlim.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SecIdentity.Import(X509Certificate2) re-exports the cert as PFX which fails on macOS because the private key can't be re-exported. Instead, export the PFX bytes with a password directly from CreateSelfSigned and use SecIdentity.Import(byte[], string) which avoids the re-export.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
✅ [CI Build #06189b2] Build passed (Build packages) ✅ Pipeline on Agent
✅ [CI Build #06189b2] Build passed (Build macOS tests) ✅ Pipeline on Agent
✅ [PR Build #06189b2] Build passed (Detect API changes) ✅ Pipeline on Agent
✅ API diff for current PR / commit: NET (empty diffs)
✅ API diff vs stable: NET (empty diffs)
ℹ️ Generator diff: Generator Diff: vsdrops (html) vsdrops (raw diff) gist (raw diff) - Please review changes)
Pipeline on Agent
🔥 [CI Build #06189b2] Test results 🔥
Test results
❌ Tests failed on VSTS: test results
0 tests crashed, 1 tests failed, 155 tests passed.
Failures
❌ linker tests [attempt 4]: 1 tests failed, 43 tests passed.
Failed tests
Successes
✅ cecil: All 1 tests passed.
macOS tests
✅ Tests on macOS Monterey (12): All 5 tests passed.
Linux Build Verification
Pipeline on Agent
Fixes #21688
This allows the user to detect the specific exception when a certificate is needed and react to it. Exceptions thrown are very similar to what SocketsHttpHandler and other handlers throw, while also following the pattern of other exceptions thrown by NSUrlSessionHandler.
This is a re-creation of #24532 from @dotMorten (due to our CI not being able to build PRs from forks).
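How calling code could recognise the exception chain this PR describes (HttpRequestException → WebException → AuthenticationException) and tell it apart from other TLS failures. This is an added example, not code from the PR or the project: the class and member names are hypothetical, the exceptions are constructed by hand rather than produced by a real request, and it assumes the WebException carries `WebExceptionStatus.SecureChannelFailure`, as the test commit message suggests.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Authentication;

static class MissingClientCertificate
{
    // Switch name as given in this PR; when enabled, the specific exception is not thrown.
    const string OptOutSwitch = "Foundation.NSUrlSessionHandler.NoMissingCertificateHandling";

    // True when the new behaviour is active, i.e. the detection below can ever match.
    public static bool DetectionActive =>
        !(AppContext.TryGetSwitch(OptOutSwitch, out bool disabled) && disabled);

    // Matches the chain from the PR overview:
    // HttpRequestException -> WebException -> AuthenticationException.
    // Assumption: the WebException carries Status == SecureChannelFailure.
    public static bool Matches(Exception ex) =>
        ex is HttpRequestException
        && ex.InnerException is WebException { Status: WebExceptionStatus.SecureChannelFailure } web
        && web.InnerException is AuthenticationException;

    static void Main()
    {
        // Constructed exceptions standing in for what a real request would throw.
        var missingCert = new HttpRequestException("request failed",
            new WebException("secure channel failure",
                new AuthenticationException("client certificate required"),
                WebExceptionStatus.SecureChannelFailure, null));
        var otherTlsFailure = new HttpRequestException("request failed",
            new WebException("trust failure", null, WebExceptionStatus.TrustFailure, null));

        Console.WriteLine($"detection active: {DetectionActive}");
        Console.WriteLine($"missing certificate: {Matches(missingCert)}");
        Console.WriteLine($"other TLS failure:  {Matches(otherTlsFailure)}");
    }
}
```

In an application, `Matches` would sit in the `catch` around the `HttpClient` call, so that a missing client identity leads to certificate selection or enrolment while every other TLS failure still fails closed.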