Avoid rooting X509Certificate2 in SslSessionCache (dotnet#101120)

* Avoid rooting X509Certificate2 in SslSessionCache * Update src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs Co-authored-by: campersau <[email protected]> --------- Co-authored-by: campersau <[email protected]>
matouskozak · Apr 30, 2024 · 229567d · 229567d
1 parent 711b268
commit 229567d
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 5 deletions.
diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs
@@ -335,13 +335,12 @@ internal sealed class SafeFreeCredential_SECURITY : SafeFreeCredentials
     {
 #pragma warning disable 0649
         // This is used only by SslStream but it is included elsewhere
-        public X509Certificate? LocalCertificate;
+        public bool HasLocalCertificate;
 #pragma warning restore 0649
         public SafeFreeCredential_SECURITY() : base() { }
 
         protected override bool ReleaseHandle()
         {
-            LocalCertificate?.Dispose();
             return Interop.SspiCli.FreeCredentialsHandle(ref _handle) == 0;
         }
     }

diff --git a/src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Windows.cs
@@ -105,7 +105,7 @@ internal static bool IsLocalCertificateUsed(SafeFreeCredentials? _credentialsHan
                 // This is TLS Resumed session. Windows can fail to query the local cert bellow.
                 // Instead, we will determine the usage form used credentials.
                 SafeFreeCredential_SECURITY creds = (SafeFreeCredential_SECURITY)_credentialsHandle!;
-                return creds.LocalCertificate != null;
+                return creds.HasLocalCertificate;
             }
 
             SafeFreeCertContext? localContext = null;

diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs
@@ -233,8 +233,7 @@ public static SafeFreeCredentials AcquireCredentialsHandle(SslAuthenticationOpti
                 if (newCredentialsRequested && sslAuthenticationOptions.CertificateContext != null)
                 {
                     SafeFreeCredential_SECURITY handle = (SafeFreeCredential_SECURITY)cred;
-                    // We need to create copy to avoid Disposal issue.
-                    handle.LocalCertificate = new X509Certificate2(sslAuthenticationOptions.CertificateContext.TargetCertificate);
+                    handle.HasLocalCertificate = true;
                 }
 
                 return cred;