diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs index d027b87f0d86df..b2d0179378eca8 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.ServerCertificates.cs @@ -48,7 +48,7 @@ public void Ctor_ExpectedDefaultValues() using (HttpClientHandler handler = CreateHttpClientHandler()) { Assert.Null(handler.ServerCertificateCustomValidationCallback); - Assert.True(handler.CheckCertificateRevocationList); + Assert.False(handler.CheckCertificateRevocationList); } } diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs index 450edaab12e377..b18dd83dcbeb71 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs @@ -76,9 +76,9 @@ public void Ctor_ExpectedDefaultPropertyValues() Assert.False(handler.PreAuthenticate); Assert.True(handler.SupportsProxy); Assert.True(handler.SupportsRedirectConfiguration); + Assert.False(handler.CheckCertificateRevocationList); // Changes from .NET Framework. - Assert.True(handler.CheckCertificateRevocationList); Assert.Equal(0, handler.MaxRequestContentBufferSize); Assert.Equal(SslProtocols.None, handler.SslProtocols); } diff --git a/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs b/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs index 110fc6a7ca29ca..1edeb191cc7ab7 100644 --- a/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs +++ b/src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs @@ -43,10 +43,7 @@ public class WinHttpHandler : HttpMessageHandler internal static readonly Version HttpVersion20 = new Version(2, 0); internal static readonly Version HttpVersion30 = new Version(3, 0); internal static readonly Version HttpVersionUnknown = new Version(0, 0); - internal static bool DefaultCertificateRevocationCheck { get; } = - AppContextSwitchHelper.GetBooleanConfig( - "System.Net.Security.NoRevocationCheckByDefault", - "DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT") ? false : true; + internal static bool DefaultCertificateRevocationCheck { get; } internal static bool CertificateCachingAppContextSwitchEnabled { get; } = AppContext.TryGetSwitch("System.Net.Http.UseWinHttpCertificateCaching", out bool enabled) && enabled; private static readonly TimeSpan s_maxTimeout = TimeSpan.FromMilliseconds(int.MaxValue); diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/WinHttpHandlerTest.cs b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/WinHttpHandlerTest.cs index 2505480230e59e..d257f38d382d6f 100644 --- a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/WinHttpHandlerTest.cs +++ b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/WinHttpHandlerTest.cs @@ -45,7 +45,7 @@ public void Ctor_ExpectedDefaultPropertyValues() Assert.Equal(CookieUsePolicy.UseInternalCookieStoreOnly, handler.CookieUsePolicy); Assert.Null(handler.CookieContainer); Assert.Null(handler.ServerCertificateValidationCallback); - Assert.True(handler.CheckCertificateRevocationList); + Assert.False(handler.CheckCertificateRevocationList); Assert.Equal(ClientCertificateOption.Manual, handler.ClientCertificateOption); X509Certificate2Collection certs = handler.ClientCertificates; Assert.True(certs.Count == 0); @@ -130,7 +130,8 @@ public void TcpKeepalive_WhenEnabled_ForwardsCorrectNativeOptions() { using var handler = new WinHttpHandler(); - SendRequestHelper.Send(handler, () => { + SendRequestHelper.Send(handler, () => + { handler.TcpKeepAliveEnabled = true; handler.TcpKeepAliveTime = TimeSpan.FromMinutes(13); handler.TcpKeepAliveInterval = TimeSpan.FromSeconds(42); @@ -148,7 +149,8 @@ public void TcpKeepalive_InfiniteTimeSpan_TranslatesToUInt32MaxValue() { using var handler = new WinHttpHandler(); - SendRequestHelper.Send(handler, () => { + SendRequestHelper.Send(handler, () => + { handler.TcpKeepAliveEnabled = true; handler.TcpKeepAliveTime = Timeout.InfiniteTimeSpan; handler.TcpKeepAliveInterval = Timeout.InfiniteTimeSpan; @@ -312,7 +314,8 @@ public void CookieUsePolicy_SetUseSpecifiedCookieContainerAndContainer_ExpectedW SendRequestHelper.Send( handler, - delegate { + delegate + { handler.CookieUsePolicy = CookieUsePolicy.UseSpecifiedCookieContainer; handler.CookieContainer = new CookieContainer(); }); diff --git a/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs b/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs index 332e31489c0f93..f5877a3bd2e286 100644 --- a/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs +++ b/src/libraries/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs @@ -2540,7 +2540,7 @@ public void SslOptions_GetSet_Roundtrips() Assert.True(options.AllowRenegotiation); Assert.Null(options.ApplicationProtocols); - Assert.Equal(X509RevocationMode.Online, options.CertificateRevocationCheckMode); + Assert.Equal(X509RevocationMode.NoCheck, options.CertificateRevocationCheckMode); Assert.Null(options.ClientCertificates); Assert.Equal(SslProtocols.None, options.EnabledSslProtocols); Assert.Equal(EncryptionPolicy.RequireEncryption, options.EncryptionPolicy); diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs index c70cbb3bb4e8ae..fce59ffaef0d74 100644 --- a/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs +++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs @@ -13,11 +13,7 @@ internal sealed class SslAuthenticationOptions : IDisposable { private const string EnableOcspStaplingContextSwitchName = "System.Net.Security.EnableServerOcspStaplingFromOnlyCertificateOnLinux"; - internal static readonly X509RevocationMode DefaultRevocationMode = - AppContextSwitchHelper.GetBooleanConfig( - "System.Net.Security.NoRevocationCheckByDefault", - "DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT") - ? X509RevocationMode.NoCheck : X509RevocationMode.Online; + internal const X509RevocationMode DefaultRevocationMode = X509RevocationMode.NoCheck; internal SslAuthenticationOptions() { diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamRemoteExecutorTests.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamRemoteExecutorTests.cs index 4ac1691eb7f1fb..46a4707b43cf01 100644 --- a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamRemoteExecutorTests.cs +++ b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamRemoteExecutorTests.cs @@ -83,31 +83,5 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout( Assert.True(File.ReadAllText(tempFile).Length == 0); } } - - [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))] - [InlineData(true)] - [InlineData(false)] - public void DefaultRevocationMode_OfflineRevocationByDefault_True_UsesNoCheck(bool useEnvVar) - { - var psi = new ProcessStartInfo(); - if (useEnvVar) - { - psi.Environment.Add("DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT", "true"); - } - - Assert.Equal(X509RevocationMode.Online, new SslClientAuthenticationOptions().CertificateRevocationCheckMode); - Assert.Equal(X509RevocationMode.Online, new SslServerAuthenticationOptions().CertificateRevocationCheckMode); - - RemoteExecutor.Invoke(useEnvVar => - { - if (!bool.Parse(useEnvVar)) - { - AppContext.SetSwitch("System.Net.Security.NoRevocationCheckByDefault", true); - } - - Assert.Equal(X509RevocationMode.NoCheck, new SslClientAuthenticationOptions().CertificateRevocationCheckMode); - Assert.Equal(X509RevocationMode.NoCheck, new SslServerAuthenticationOptions().CertificateRevocationCheckMode); - }, useEnvVar.ToString(), new RemoteInvokeOptions { StartInfo = psi }).Dispose(); - } } } diff --git a/src/libraries/System.Net.Security/tests/UnitTests/SslAuthenticationOptionsTests.cs b/src/libraries/System.Net.Security/tests/UnitTests/SslAuthenticationOptionsTests.cs index 22c8bcfffae93d..b7e9d29d9dda98 100644 --- a/src/libraries/System.Net.Security/tests/UnitTests/SslAuthenticationOptionsTests.cs +++ b/src/libraries/System.Net.Security/tests/UnitTests/SslAuthenticationOptionsTests.cs @@ -133,13 +133,13 @@ public void EnabledSslProtocols_Get_Set_Succeeds() [Fact] public void CheckCertificateRevocation_Get_Set_Succeeds() { - Assert.Equal(X509RevocationMode.Online, _clientOptions.CertificateRevocationCheckMode); - Assert.Equal(X509RevocationMode.Online, _serverOptions.CertificateRevocationCheckMode); + Assert.Equal(X509RevocationMode.NoCheck, _clientOptions.CertificateRevocationCheckMode); + Assert.Equal(X509RevocationMode.NoCheck, _serverOptions.CertificateRevocationCheckMode); - _clientOptions.CertificateRevocationCheckMode = X509RevocationMode.NoCheck; + _clientOptions.CertificateRevocationCheckMode = X509RevocationMode.Online; _serverOptions.CertificateRevocationCheckMode = X509RevocationMode.Offline; - Assert.Equal(X509RevocationMode.NoCheck, _clientOptions.CertificateRevocationCheckMode); + Assert.Equal(X509RevocationMode.Online, _clientOptions.CertificateRevocationCheckMode); Assert.Equal(X509RevocationMode.Offline, _serverOptions.CertificateRevocationCheckMode); Assert.Throws(() => _clientOptions.CertificateRevocationCheckMode = (X509RevocationMode)3);