Fix: Inconsistent certificate chain handling between endpoint and default configuration by jnjudge1 · Pull Request #60710 · dotnet/aspnetcore
Fix: Inconsistent certificate chain handling between endpoint and default configuration
- You've read the Contributor Guide and Code of Conduct.
- You've included unit or integration tests for your change, where applicable.
- You've included inline docs for your change, where applicable.
- There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.
Changes Kestrel configuration to process default certificate loading configurations the same as per-endpoint configurations. With this change, certificates specified in the default configuration section will have their chains presented on the server even if their intermediates are not present in the system certificate store.
Description
IHttpsConfigurationService.cs:
- Changed to add the `CertificateChain` property onto the internal `CertificateAndConfig` struct, necessary for passing cert chain from `TlsConfigurationLoader` to `KestrelConfigurationLoader`.

TlsConfigurationLoader.cs:
- Changed to use the certificate chain from the loaded default certificate to return a `CertificateAndConfig` object with the chain specified if the chain is not null.

KestrelConfigurationLoader.cs:
- Changed to add an internal `DefaultCertificateChain` property for specifying the default certificate chain to load on endpoints in `KestrelServerOptions.ApplyDefaultCertificate`.

KestrelServerOptions.cs:
- Changed to get the default certificate chain specified in `KestrelConfigurationLoader` and set the `ServerCertificateChain` property on the `httpsOptions` for an endpoint.
Fixes #60709
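
Until a build with this change is in use, the chain can be supplied explicitly in code through the same `ServerCertificateChain` property the description refers to, so the server presents its intermediates without depending on the system certificate store. This is an added example, not code from the pull request; the file paths, the port and the PEM layout (leaf first, then intermediates) are assumptions.

```csharp
// Added illustration, not code from PR #60710. Paths and port are hypothetical.
using System.Security.Cryptography.X509Certificates;

var builder = WebApplication.CreateBuilder(args);

// Assumption: server.pem holds the leaf certificate first, followed by its
// intermediates; server.key holds the matching unencrypted private key.
const string certPath = "certs/server.pem";
const string keyPath = "certs/server.key";

// CreateFromPemFile pairs the first certificate in the file with the key.
var leaf = X509Certificate2.CreateFromPemFile(certPath, keyPath);
if (OperatingSystem.IsWindows())
{
    // SChannel cannot use the ephemeral key produced above; re-importing the
    // certificate through a PKCS#12 export gives it a usable key handle.
    leaf = new X509Certificate2(leaf.Export(X509ContentType.Pkcs12));
}

// Load every certificate in the file so the intermediates travel with the leaf.
var chain = new X509Certificate2Collection();
chain.ImportFromPemFile(certPath);

builder.WebHost.ConfigureKestrel(kestrel =>
{
    // Defaults apply to every HTTPS endpoint that does not override them.
    kestrel.ConfigureHttpsDefaults(https =>
    {
        https.ServerCertificate = leaf;
        https.ServerCertificateChain = chain;
    });

    // UseHttps() with no arguments picks up the defaults configured above.
    kestrel.ListenAnyIP(5001, listen => listen.UseHttps());
});

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();
```

Running `openssl s_client -connect <host>:<port> -showcerts` against the endpoint lists every certificate the server actually sent, which confirms whether the intermediates are included in the handshake.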