internal void UpdateOptions(ServerOptionsSelectionCallback optionCallback, object?state) { CheckCertName = false; TargetHost = string.Empty; IsServer = true; UserState = state; ServerOptionDelegate = optionCallback; }
/// <summary> /// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or /// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param> /// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param> /// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout) { return(listenOptions.UseHttps(new TlsHandshakeCallbackOptions() { OnConnection = context => serverOptionsSelectionCallback(context.SslStream, context.ClientHelloInfo, context.State, context.CancellationToken), HandshakeTimeout = handshakeTimeout, OnConnectionState = state, })); }
internal SslAuthenticationOptions(ServerOptionsSelectionCallback optionCallback, object?state, RemoteCertificateValidationCallback?remoteCallback) { CheckCertName = false; TargetHost = string.Empty; IsServer = true; UserState = state; ServerOptionDelegate = optionCallback; CertValidationDelegate = remoteCallback; }
/// <summary> /// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or /// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param> /// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param> /// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout) { // HttpsOptionsCallback is an internal delegate that is just the ServerOptionsSelectionCallback + a ConnectionContext parameter. // Given that ConnectionContext will eventually be replaced by System.Net.Connections, it doesn't make much sense to make the HttpsOptionsCallback delegate public. HttpsOptionsCallback adaptedCallback = (connection, stream, clientHelloInfo, state, cancellationToken) => serverOptionsSelectionCallback(stream, clientHelloInfo, state, cancellationToken); return(listenOptions.UseHttps(adaptedCallback, state, handshakeTimeout)); }
/// <summary> /// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or /// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param> /// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param> /// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout) { if (listenOptions.Protocols.HasFlag(HttpProtocols.Http3)) { throw new NotSupportedException($"{nameof(UseHttps)} with {nameof(ServerOptionsSelectionCallback)} is not supported with HTTP/3."); } return(listenOptions.UseHttps(new TlsHandshakeCallbackOptions() { OnConnection = context => serverOptionsSelectionCallback(context.SslStream, context.ClientHelloInfo, context.State, context.CancellationToken), HandshakeTimeout = handshakeTimeout, OnConnectionState = state, })); }
/// <summary> /// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or /// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param> /// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param> /// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout) { // HttpsOptionsCallback is an internal delegate that is the ServerOptionsSelectionCallback, a ConnectionContext, and the ClientCertificateMode. // Given that ConnectionContext will eventually be replaced by System.Net.Connections, it doesn't make much sense to make the HttpsOptionsCallback delegate public. return(listenOptions.UseHttps(GetTlsOptionsAsync, state, handshakeTimeout)); async ValueTask <(SslServerAuthenticationOptions, ClientCertificateMode)> GetTlsOptionsAsync( ConnectionContext connection, SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) { var tlsOptions = await serverOptionsSelectionCallback(stream, clientHelloInfo, state, cancellationToken); return(new (tlsOptions, ClientCertificateMode.DelayCertificate)); } }
/// <summary> /// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or /// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param> /// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state) { return(listenOptions.UseHttps(serverOptionsSelectionCallback, state, HttpsConnectionAdapterOptions.DefaultHandshakeTimeout)); }
public static void Main(string[] args) { var hostBuilder = new HostBuilder() .ConfigureLogging((_, factory) => { factory.SetMinimumLevel(LogLevel.Trace); factory.AddConsole(); }) .ConfigureWebHost(webHost => { webHost.UseKestrel() .ConfigureKestrel((context, options) => { var cert = CertificateLoader.LoadFromStoreCert("localhost", StoreName.My.ToString(), StoreLocation.CurrentUser, false); options.ConfigureHttpsDefaults(httpsOptions => { httpsOptions.ServerCertificate = cert; // httpsOptions.ClientCertificateMode = ClientCertificateMode.AllowCertificate; // httpsOptions.AllowAnyClientCertificate(); }); options.ListenAnyIP(5000, listenOptions => { listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); options.ListenAnyIP(5001, listenOptions => { listenOptions.UseHttps(); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3; }); options.ListenAnyIP(5002, listenOptions => { listenOptions.UseHttps(StoreName.My, "localhost"); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http3; }); options.ListenAnyIP(5003, listenOptions => { listenOptions.UseHttps(httpsOptions => { // ConnectionContext is null httpsOptions.ServerCertificateSelector = (context, host) => cert; }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3; }); // No SslServerAuthenticationOptions callback is currently supported by QuicListener options.ListenAnyIP(5004, listenOptions => { listenOptions.UseHttps(httpsOptions => { httpsOptions.OnAuthenticate = (_, sslOptions) => sslOptions.ServerCertificate = cert; }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); // ServerOptionsSelectionCallback isn't currently supported by QuicListener options.ListenAnyIP(5005, listenOptions => { ServerOptionsSelectionCallback callback = (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) => { var options = new SslServerAuthenticationOptions() { ServerCertificate = cert, }; return(new ValueTask <SslServerAuthenticationOptions>(options)); }; listenOptions.UseHttps(callback, state: null); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); // TlsHandshakeCallbackOptions (ServerOptionsSelectionCallback) isn't currently supported by QuicListener options.ListenAnyIP(5006, listenOptions => { listenOptions.UseHttps(new TlsHandshakeCallbackOptions() { OnConnection = context => { var options = new SslServerAuthenticationOptions() { ServerCertificate = cert, }; return(new ValueTask <SslServerAuthenticationOptions>(options)); }, }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); }) .UseStartup <Startup>(); }); hostBuilder.Build().Run(); }
internal void UpdateOptions(ServerOptionsSelectionCallback optionCallback, object?state) { }
public static void Main(string[] args) { var hostBuilder = new HostBuilder() .ConfigureLogging((_, factory) => { factory.SetMinimumLevel(LogLevel.Trace); factory.AddSimpleConsole(o => o.TimestampFormat = "[HH:mm:ss.fff] "); }) .ConfigureWebHost(webHost => { var cert = CertificateLoader.LoadFromStoreCert("localhost", StoreName.My.ToString(), StoreLocation.CurrentUser, false); webHost.UseKestrel() .ConfigureKestrel((context, options) => { options.ListenAnyIP(5000, listenOptions => { listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); options.Listen(IPAddress.Any, 5001, listenOptions => { listenOptions.UseHttps(); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3; }); options.ListenAnyIP(5002, listenOptions => { listenOptions.UseConnectionLogging(); listenOptions.UseHttps(StoreName.My, "localhost"); listenOptions.Protocols = HttpProtocols.Http3; }); options.ListenAnyIP(5003, listenOptions => { listenOptions.UseHttps(httpsOptions => { // ConnectionContext is null httpsOptions.ServerCertificateSelector = (context, host) => cert; }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3; }); // No SslServerAuthenticationOptions callback is currently supported by QuicListener options.ListenAnyIP(5004, listenOptions => { listenOptions.UseHttps(httpsOptions => { httpsOptions.OnAuthenticate = (_, sslOptions) => sslOptions.ServerCertificate = cert; }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); // ServerOptionsSelectionCallback isn't currently supported by QuicListener options.ListenAnyIP(5005, listenOptions => { ServerOptionsSelectionCallback callback = (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) => { var options = new SslServerAuthenticationOptions() { ServerCertificate = cert, }; return(new ValueTask <SslServerAuthenticationOptions>(options)); }; listenOptions.UseHttps(callback, state: null); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); // TlsHandshakeCallbackOptions (ServerOptionsSelectionCallback) isn't currently supported by QuicListener options.ListenAnyIP(5006, listenOptions => { listenOptions.UseHttps(new TlsHandshakeCallbackOptions() { OnConnection = context => { var options = new SslServerAuthenticationOptions() { ServerCertificate = cert, }; return(new ValueTask <SslServerAuthenticationOptions>(options)); }, }); listenOptions.UseConnectionLogging(); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); }) .UseStartup <Startup>(); }); var host = hostBuilder.Build(); // Listener needs to be configured before host (and HTTP/3 endpoints) start up. using var httpEventSource = new HttpEventSourceListener(host.Services.GetRequiredService <ILoggerFactory>()); host.Run(); }