From b0597f4a8f280579992babf385cc1e3653bcf1f8 Mon Sep 17 00:00:00 2001
From: Mantavya Dhingra
Date: Thu, 19 Dec 2024 13:07:23 +0530
Subject: [PATCH 1/2] Changing the callback checking for custom certificate validation

---
 src/Agent.Sdk/Util/VssUtil.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Agent.Sdk/Util/VssUtil.cs b/src/Agent.Sdk/Util/VssUtil.cs
index a1d1d278e8..4fa56eec6e 100644
--- a/src/Agent.Sdk/Util/VssUtil.cs
+++ b/src/Agent.Sdk/Util/VssUtil.cs
@@ -7,6 +7,7 @@
 using System.Collections.Generic;
 using System.Globalization;
 using System.Net.Http;
+using System.Net.Security;
 using Microsoft.TeamFoundation.DistributedTask.WebApi;
 using Microsoft.VisualStudio.Services.Common;
 using Microsoft.VisualStudio.Services.WebApi;
@@ -167,7 +168,7 @@ private static bool CheckSupportOfCustomServerCertificateValidation(ITraceWriter
 {
 using (var handler = new HttpClientHandler())
 {
- handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };
+ handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return errors == SslPolicyErrors.None; };

 using (var client = new HttpClient(handler))
 {

From ac20c168f9054d6fc10a48b665c8c13302e7ca0c Mon Sep 17 00:00:00 2001
From: Mantavya Dhingra
Date: Tue, 24 Dec 2024 17:07:26 +0530
Subject: [PATCH 2/2] Adding Unit Test and Comments

---
 src/Agent.Sdk/Util/VssUtil.cs | 4 +++-
 src/Test/L0/Util/VssUtilL0.cs | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/Agent.Sdk/Util/VssUtil.cs b/src/Agent.Sdk/Util/VssUtil.cs
index 4fa56eec6e..e2bbeeedf0 100644
--- a/src/Agent.Sdk/Util/VssUtil.cs
+++ b/src/Agent.Sdk/Util/VssUtil.cs
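Review bot: In the `@@ -167,7 +168,7 @@` hunk of PATCH 1/2, the stricter callback makes the result of this support probe depend on whether the certificate served at `_testUri` validates on the local machine, not only on whether the platform accepts a custom callback. Judging by the second patch in this series, any exception from the request is caught and reported as unsupported, so a host whose trust store rejects that certificate (a missing root or a TLS-inspecting proxy, for example) would be logged and treated like a platform without callback support. Rejecting on policy errors is the right default; one way to keep the two outcomes apart is to declare `bool callbackInvoked = false;`, set it inside the lambda with `(message, cert, chain, errors) => { callbackInvoked = true; return errors == SslPolicyErrors.None; }`, and have the catch block `return callbackInvoked;`. The body of CheckSupportOfCustomServerCertificateValidation continues outside this hunk.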
@@ -164,6 +164,7 @@ public static bool IsCustomServerCertificateValidationSupported(ITraceWriter tra
 return true;
 }

+ // The function is to check if the custom server certificate validation is supported on the current platform.
 private static bool CheckSupportOfCustomServerCertificateValidation(ITraceWriter trace)
 {
 using (var handler = new HttpClientHandler())
@@ -175,10 +176,11 @@ private static bool CheckSupportOfCustomServerCertificateValidation(ITraceWriter
 try
 {
 client.GetAsync(_testUri).GetAwaiter().GetResult();
+ trace.Verbose("Custom Server Validation Callback Successful, SSL diagnostic data collection is enabled.");
 }
 catch (Exception e)
 {
- trace.Verbose($"SSL diagnostic data collection is disabled, due to issue:\n{e.Message}");
+ trace.Verbose($"Custom Server Validation Callback Unsuccessful, SSL diagnostic data collection is disabled, due to issue:\n{e.Message}");
 return false;
 }
 return true;
diff --git a/src/Test/L0/Util/VssUtilL0.cs b/src/Test/L0/Util/VssUtilL0.cs
index 6dfab4ae31..18872dbb0f 100644
--- a/src/Test/L0/Util/VssUtilL0.cs
+++ b/src/Test/L0/Util/VssUtilL0.cs
@@ -59,5 +59,38 @@ public void VerifyOverwriteVssConnectionSetting()
 }
 }
 }
+
+ [Fact]
+ [Trait("Level", "L0")]
+ [Trait("Category", "Common")]
+ public void VerifyVSSConnectionUsingLegacyHandler()
+ {
+ Regex _serverSideAgentPlatformMatchingRegex = new Regex("vstsagentcore-(.+)(?=/)", RegexOptions.Compiled | RegexOptions.IgnoreCase);
+
+ using (TestHostContext hc = new TestHostContext(this))
+ {
+ Tracing trace = hc.GetTrace();
+ // Act.
+ try
+ {
+ Environment.SetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP", "true");
+
+ var exception = Record.Exception(() =>
+ {
+ var connection = VssUtil.CreateConnection(
+ new Uri("https://github.com/Microsoft/vsts-agent"),
+ new VssCredentials(),
+ trace);
+ });
+
+ Assert.Null(exception);
+ }
+ finally
+ {
+ Environment.SetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP", "");
+ }
+ }
+
+ }
 }
 }
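Review bot: The failure message added in the `@@ -175,10 +176,11 @@` hunk names the validation callback as the cause, but the `catch (Exception e)` around it receives every failure of the request and only `e.Message` is written. For HttpClient requests the TLS or certificate detail usually sits in an inner exception, so the verbose log will often not show whether the certificate was rejected, the host was unreachable, or the platform refused the callback. Logging the whole exception keeps that evidence for whoever has to diagnose the agent later: `trace.Verbose($"Custom server certificate validation probe failed, SSL diagnostic data collection is disabled:\n{e}");`.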
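Review bot: `Assert.Null(exception)` in VerifyVSSConnectionUsingLegacyHandler does not pin the behaviour changed in PATCH 1/2: as far as these hunks show, the probe swallows its own exceptions, so the test would likely pass with the old `return true` callback as well, and no case checks that a certificate with policy errors is rejected. The local `_serverSideAgentPlatformMatchingRegex` is never used in the test and can be removed. The `finally` block writes `""` instead of restoring the previous value of a process-wide variable that other tests in the same run may read; capture it first with `string previous = Environment.GetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP");` and restore it with `Environment.SetEnvironmentVariable("AZP_AGENT_USE_LEGACY_HTTP", previous);`.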