ITlsConnectionFeature.ClientCertificate is used to get the client certificate for the current connection. ITlsConnectionFeature.GetClientCertificateAsync is used to renegotiate the TLS session to request a certificate if you don't already have one. HttpSys has had a behavior in the past where it triggered the renegotiate even from the ClientCertificate property. ClientCertificateMethod.AllowRenegotation was added to control that, but it also disables it for GetClientCertificateAsync.
When implementing GetClientCertificateAsync renegotiation for Kestrel it became clear that the pattern developers want is for ClientCertificate to return the current certificate, if any, and for GetClientCertificateAsync to renegotiate for a cert if enabled. This allows them to do conditional logic like buffer the request body before starting the renegotiation.
Proposal: Remove the renegotiate logic from the ClientCertificate property and clean up the SetInitialized logic so that GetClientCertificateAsync can still renegotiate after ClientCertificate is called.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4