only hook up server certificate validator base on request. corefx wil…
…l throw PlatformNotSupportException on non-Windows platform with CURL not built for openssl. (OSX, Fedora based OS) (#1285)
TingluoHuang authored Nov 7, 2017
1 parent 0e5ddad commit 5b05e8f
Showing 3 changed files with 3 additions and 22 deletions.
Expand Up @@ -15,7 +15,6 @@ namespace Microsoft.VisualStudio.Services.Agent
public interface IAgentCertificateManager : IAgentService, IVssClientCertificateManager
{
bool SkipServerCertificateValidation { get; }
Func<HttpRequestMessage, X509Certificate2, X509Chain, SslPolicyErrors, bool> ServerCertificateValidationCallback { get; }
string CACertificateFile { get; }
string ClientCertificateFile { get; }
string ClientCertificatePrivateKeyFile { get; }
Expand All @@ -42,6 +41,7 @@ public void SetupCertificate(bool skipCertValidation, string caCert, string clie
{
Trace.Info("Ignore SSL server certificate validation error");
SkipServerCertificateValidation = true;
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
}

if (!string.IsNullOrEmpty(caCert))
Expand Down Expand Up @@ -158,6 +158,7 @@ public void LoadCertificateSettings()
{
Trace.Info("Ignore SSL server certificate validation error");
SkipServerCertificateValidation = true;
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
}

if (!string.IsNullOrEmpty(certSetting.CACert))
Expand Down Expand Up @@ -202,25 +203,6 @@ public void LoadCertificateSettings()
}
}

public Func<HttpRequestMessage, X509Certificate2, X509Chain, SslPolicyErrors, bool> ServerCertificateValidationCallback
{
get
{
return (sender, certificate, chain, sslPolicyErrors) =>
{
if (SkipServerCertificateValidation)
{
Trace.Verbose($"Ignore SSL certificate error '{sslPolicyErrors.ToString()}' for request '{sender.RequestUri.AbsoluteUri}' with certificate '{certificate.Thumbprint}' issued by '{certificate.IssuerName.Name}'.");
return true;
}
else
{
return sslPolicyErrors == SslPolicyErrors.None;
}
};
}
}

public bool SkipServerCertificateValidation { private set; get; }
public string CACertificateFile { private set; get; }
public string ClientCertificateFile { private set; get; }
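Review bot: Once the skip branch in `SetupCertificate` or `LoadCertificateSettings` runs, accepted certificate errors no longer leave any trace: the removed getter wrote the policy error, request URI, thumbprint and issuer at verbose level for every bypassed validation, while `HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` accepts silently. Because the assignment targets `VssClientHttpRequestSettings.Default`, it presumably applies to every client built from the default settings for the rest of the process, and nothing visible here clears it again. I would state that above both assignments, e.g. `// Process-wide and silent: any server certificate is accepted from here on, with no per-request trace.`, and have the existing one-time `Trace.Info` message name that scope so the bypass can still be found in the agent log. The same two lines are now duplicated in both methods, whose bodies start and end outside the hunks; a small private helper would keep them in step.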
2 changes: 1 addition & 1 deletion src/Microsoft.VisualStudio.Services.Agent/Constants.cs
Expand Up @@ -44,7 +44,7 @@ public enum OSPlatform

public static class Agent
{
public static readonly string Version = "2.125.0";
public static readonly string Version = "2.125.1";

#if OS_LINUX
public static readonly OSPlatform Platform = OSPlatform.Linux;
1 change: 0 additions & 1 deletion src/Microsoft.VisualStudio.Services.Agent/Util/ApiUtil.cs
Expand Up @@ -26,7 +26,6 @@ public static void InitializeVssClientSettings(IVstsAgentWebProxy proxySetting,

VssClientHttpRequestSettings.Default.UserAgent = headerValues;
VssClientHttpRequestSettings.Default.ClientCertificateManager = certSetting;
VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = certSetting.ServerCertificateValidationCallback;
VssHttpMessageHandler.DefaultWebProxy = proxySetting;
}
