4
4
using System . Linq ;
5
5
using System . Net ;
6
6
using System . Net . Http ;
7
+ using System . Security . Cryptography . X509Certificates ;
7
8
using System . Reflection ;
8
9
using System . Text ;
9
10
using System . Threading ;
@@ -388,8 +389,29 @@ static decimal SignificantDigits (decimal number, int maxDigitCount)
388
389
389
390
public static HttpClient CreateHttpClient ( )
390
391
{
391
- var handler = new HttpClientHandler {
392
- CheckCertificateRevocationList = true ,
392
+ // Originally from: https://github.com/dotnet/arcade/pull/15546
393
+ // Configure the cert revocation check in a fail-open state to avoid intermittent failures
394
+ // on Mac if the endpoint is not available. This is only available on .NET Core, but has only been
395
+ // observed on Mac anyway.
396
+
397
+ var handler = new SocketsHttpHandler ( ) ;
398
+ handler . SslOptions . CertificateChainPolicy = new X509ChainPolicy {
399
+ // Yes, check revocation.
400
+ // Yes, allow it to be downloaded if needed.
401
+ // Online is the default, but it doesn't hurt to be explicit.
402
+ RevocationMode = X509RevocationMode . Online ,
403
+ // Roots never bother with revocation.
404
+ // ExcludeRoot is the default, but it doesn't hurt to be explicit.
405
+ RevocationFlag = X509RevocationFlag . ExcludeRoot ,
406
+ // RevocationStatusUnknown at the EndEntity/Leaf certificate will not fail the chain build.
407
+ // RevocationStatusUnknown for any intermediate CA will not fail the chain build.
408
+ // IgnoreRootRevocationUnknown could also be specified, but it won't apply given ExcludeRoot above.
409
+ // The default is that all status codes are bad, this is not the default.
410
+ VerificationFlags =
411
+ X509VerificationFlags . IgnoreCertificateAuthorityRevocationUnknown |
412
+ X509VerificationFlags . IgnoreEndRevocationUnknown ,
413
+ // Always use the "now" when building the chain, rather than the "now" of when this policy object was constructed.
414
+ VerificationTimeIgnored = true ,
393
415
} ;
394
416
395
417
return new HttpClient ( handler ) ;
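Review bot: The `VerificationFlags` assignment makes revocation checking fail open on every platform, although the comment above it says the intermittent failures were only observed on Mac; with `IgnoreEndRevocationUnknown` and `IgnoreCertificateAuthorityRevocationUnknown` set, a revoked certificate is accepted whenever the CRL/OCSP endpoint cannot be reached, including when something on the network path is blocking it. I would limit the relaxation to the affected platform, e.g. `VerificationFlags = OperatingSystem.IsMacOS () ? X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown | X509VerificationFlags.IgnoreEndRevocationUnknown : X509VerificationFlags.NoFlag,` (or the project's own OS check, if it has one), so other hosts keep the strictness that the removed `CheckCertificateRevocationList = true` provided. The comment block should also state the trade-off plainly, for example `// Fail-open: an unreachable revocation endpoint is treated as "not revoked"; downloads must still be verified by other means.` Whether the downloaded files are hash- or signature-checked afterwards is not visible in this hunk, so that is worth confirming before relying on soft-fail.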
@@ -409,6 +431,7 @@ public static HttpClient CreateHttpClient ()
409
431
return ( true , ( ulong ) resp . Content . Headers . ContentLength . Value , resp . StatusCode ) ;
410
432
}
411
433
} catch ( Exception ex ) {
434
+ Log . WarningLine ( $ "GetDownloadSize of '{ url } ' failed: { ex } ") ;
412
435
if ( i < ExceptionRetries - 1 ) {
413
436
WaitAWhile ( $ "GetDownloadSize { url } ", i , ref ex , ref delay ) ;
414
437
}
@@ -434,6 +457,7 @@ public static async Task<bool> Download (Uri url, string targetFile, DownloadSta
434
457
succeeded = true ;
435
458
break ;
436
459
} catch ( Exception ex ) {
460
+ Log . WarningLine ( $ "Download of '{ url } ' failed: { ex } ") ;
437
461
if ( i < ExceptionRetries - 1 ) {
438
462
WaitAWhile ( $ "Download { url } ", i , ref ex , ref delay ) ;
439
463
}