fix assert in ssl options clone (#72326)

* fix assert in ssl options clone * add CertificateChainPolicy * remove extra assert

fix assert in ssl options clone (#72326)
* fix assert in ssl options clone * add CertificateChainPolicy * remove extra assert
f275edb3 · Tomas Weinfurt · GitHub · c94c3f96 · f275edb3 · f275edb3
3 changed file
--- a/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs
+++ b/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs
@@ -13,9 +13,9 @@ internal static partial class CertificateHelper
    {
        private const string ClientAuthenticationOID = "1.3.6.1.5.5.7.3.2";

-        internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection candidateCerts)
+        internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection? candidateCerts)
        {
-            if (candidateCerts.Count == 0)
+            if (candidateCerts == null || candidateCerts.Count == 0)
            {
                return null;
            }
@@ -26,9 +26,9 @@ internal static partial class CertificateHelper
            return GetEligibleClientCertificate(certs);
        }

-        internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection candidateCerts)
+        internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection? candidateCerts)
        {
-            if (candidateCerts.Count == 0)
+            if (candidateCerts == null || candidateCerts.Count == 0)
            {
                return null;
            }

--- a/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
+++ b/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
@@ -19,6 +19,7 @@ public static SslClientAuthenticationOptions ShallowClone(this SslClientAuthenti
                AllowRenegotiation = options.AllowRenegotiation,
                ApplicationProtocols = options.ApplicationProtocols != null ? new List<SslApplicationProtocol>(options.ApplicationProtocols) : null,
                CertificateRevocationCheckMode = options.CertificateRevocationCheckMode,
+                CertificateChainPolicy = options.CertificateChainPolicy,
                CipherSuitesPolicy = options.CipherSuitesPolicy,
                ClientCertificates = options.ClientCertificates,
                EnabledSslProtocols = options.EnabledSslProtocols,

--- a/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs
@@ -222,7 +222,7 @@ public ClientCertificateOption ClientCertificateOptions
 #else
                        ThrowForModifiedManagedSslOptionsIfStarted();
                        _clientCertificateOptions = value;
-                        _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(ClientCertificates)!;
+                        _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(_underlyingHandler.SslOptions.ClientCertificates)!;
 #endif
                        break;