add option to use native dotnet http handler for http(s)

Author: bruegth

src/Docker.DotNet.X509/CertificateCredentials.cs

@@ -1,3 +1,7 @@
+using System;
+using System.Collections.Generic;
+using System.Security.Authentication;
+
 namespace Docker.DotNet.X509;
 
 public class CertificateCredentials : Credentials
@@ -24,17 +28,37 @@ public override bool IsTlsCredentials()
 
     public override HttpMessageHandler GetHandler(HttpMessageHandler handler)
     {
-        if (handler is not ManagedHandler managedHandler)
+        if (handler is ManagedHandler managedHandler)
         {
-            return handler;
+            if (!managedHandler.ClientCertificates.Contains(_certificate))
+            {
+                managedHandler.ClientCertificates.Add(_certificate);
+            }
+
+            managedHandler.ServerCertificateValidationCallback = ServerCertificateValidationCallback;
+
+            return managedHandler;
         }
 
-        if (!managedHandler.ClientCertificates.Contains(_certificate))
+        if (handler is HttpClientHandler nativeHandler)
         {
-            managedHandler.ClientCertificates.Add(_certificate);
-        }
+            if (!nativeHandler.ClientCertificates.Contains(_certificate))
+            {
+                nativeHandler.ClientCertificates.Add(_certificate);
+            }
+
+            nativeHandler.ClientCertificateOptions = ClientCertificateOption.Manual;
+            nativeHandler.CheckCertificateRevocationList = false;
+            nativeHandler.AllowAutoRedirect = false;
+            nativeHandler.UseProxy = false;
+            nativeHandler.AllowAutoRedirect = true;
+            nativeHandler.MaxAutomaticRedirections = 20;
+            nativeHandler.Proxy = null;
+            nativeHandler.SslProtocols = SslProtocols.Tls12;
+            nativeHandler.ServerCertificateCustomValidationCallback += (message, certificate, chain, errors) => ServerCertificateValidationCallback?.Invoke(message, certificate, chain, errors) ?? false;
 
-        managedHandler.ServerCertificateValidationCallback = ServerCertificateValidationCallback;
+            return nativeHandler;
+        }
 
         return handler;
     }

src/Docker.DotNet/DockerClient.cs

@@ -34,7 +34,7 @@ internal DockerClient(DockerClientConfiguration configuration, Version requested
         Plugin = new PluginOperations(this);
         Exec = new ExecOperations(this);
 
-        ManagedHandler handler;
+        HttpMessageHandler handler;
         var uri = Configuration.EndpointBaseUri;
         switch (uri.Scheme.ToLowerInvariant())
         {
@@ -80,11 +80,17 @@ await stream.ConnectAsync(timeout, cancellationToken)
                     Scheme = configuration.Credentials.IsTlsCredentials() ? "https" : "http"
                 };
                 uri = builder.Uri;
-                handler = new ManagedHandler(logger);
+                if (configuration.NativeHttpHandler)
+                    handler = new HttpClientHandler();
+                else
+                    handler = new ManagedHandler(logger);
                 break;
 
             case "https":
-                handler = new ManagedHandler(logger);
+                if (configuration.NativeHttpHandler)
+                    handler = new HttpClientHandler();
+                else
+                    handler = new ManagedHandler(logger);
                 break;
 
             case "unix":

src/Docker.DotNet/DockerClientConfiguration.cs

@@ -8,8 +8,9 @@ public DockerClientConfiguration(
         Credentials credentials = null,
         TimeSpan defaultTimeout = default,
         TimeSpan namedPipeConnectTimeout = default,
-        IReadOnlyDictionary<string, string> defaultHttpRequestHeaders = null)
-        : this(GetLocalDockerEndpoint(), credentials, defaultTimeout, namedPipeConnectTimeout, defaultHttpRequestHeaders)
+        IReadOnlyDictionary<string, string> defaultHttpRequestHeaders = null,
+        bool nativeHttpHandler = false)
+        : this(GetLocalDockerEndpoint(), credentials, defaultTimeout, namedPipeConnectTimeout, defaultHttpRequestHeaders, nativeHttpHandler)
     {
     }
 
@@ -18,7 +19,8 @@ public DockerClientConfiguration(
         Credentials credentials = null,
         TimeSpan defaultTimeout = default,
         TimeSpan namedPipeConnectTimeout = default,
-        IReadOnlyDictionary<string, string> defaultHttpRequestHeaders = null)
+        IReadOnlyDictionary<string, string> defaultHttpRequestHeaders = null,
+        bool nativeHttpHandler = false)
     {
         if (endpoint == null)
         {
@@ -35,6 +37,7 @@ public DockerClientConfiguration(
         DefaultTimeout = TimeSpan.Equals(TimeSpan.Zero, defaultTimeout) ? TimeSpan.FromSeconds(100) : defaultTimeout;
         NamedPipeConnectTimeout = TimeSpan.Equals(TimeSpan.Zero, namedPipeConnectTimeout) ? TimeSpan.FromMilliseconds(100) : namedPipeConnectTimeout;
         DefaultHttpRequestHeaders = defaultHttpRequestHeaders ?? new Dictionary<string, string>();
+        NativeHttpHandler = nativeHttpHandler;
     }
 
     /// <summary>
@@ -50,6 +53,8 @@ public DockerClientConfiguration(
 
     public TimeSpan NamedPipeConnectTimeout { get; }
 
+    public bool NativeHttpHandler { get; }
+
     public DockerClient CreateClient(Version requestedApiVersion = null, ILogger logger = null)
     {
         return new DockerClient(this, requestedApiVersion, logger);

test/Docker.DotNet.Tests/TestFixture.cs

@@ -21,7 +21,7 @@ public sealed class TestFixture : Progress<JSONMessage>, IAsyncLifetime, IDispos
     public TestFixture(IMessageSink messageSink)
     {
         _messageSink = messageSink;
-        DockerClientConfiguration = new DockerClientConfiguration();
+        DockerClientConfiguration = new DockerClientConfiguration(nativeHttpHandler: true);
         DockerClient = DockerClientConfiguration.CreateClient(logger: this);
         Cts = new CancellationTokenSource(TimeSpan.FromMinutes(5));
         Cts.Token.Register(() => throw new TimeoutException("Docker.DotNet tests timed out."));