Make sync SslStream.AuthenticateAs overload with SslOptions public

[ManickaP]

Make SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions) public.
Possibly make SslStream.AuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions) public as well to keep the API consistent. This one is not required, only suggested.

Motivation

To properly support sync implementation of HttpClient (see #32125).

Without this overload, it is not possible to pass custom certificate callbacks (neither RemoteCertificateValidationCallback nor LocalCertificateSelectionCallback). Eventually failing authentication which would otherwise pass in an async scenario.

The corresponding async method AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken = default) already is public. And there are other sync overloads which are public. This issue is not the first one introducing sync methods on SslStream.

Existing API for AuthenticateAsClient(Async): https://github.com/dotnet/runtime/blob/master/src/libraries/System.Net.Security/ref/System.Net.Security.cs#L185-L191
Existing API for AuthenticateAsServer(Async): https://github.com/dotnet/runtime/blob/master/src/libraries/System.Net.Security/ref/System.Net.Security.cs#L192-L198

Proposed API

public partial class SslStream : System.Net.Security.AuthenticatedStream
{
...
    // Required for client method:
    // existing public methods:
    public Task AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken = default);
    // Existing synchronous overloads
    public virtual void AuthenticateAsClient(string targetHost);
    public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates, bool checkCertificateRevocation);
    public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
    // NEW overload (existing private method to be made public)
    public void AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions);

...
    // Optionally for server methods:
    // existing public method
    public Task AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken = default);
    // Existing synchronous overloads
    public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate);
    public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
    public virtual void AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
    // NEW overload (existing private method to be made public)
    public void AuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions);
...
}

[ManickaP]

Ping: @dotnet/ncl @stephentoub

[davidfowl]

The effects of making a synchronous HttpClient.Send 😢

[ManickaP]

I looked into meaningfulness of adding CancellationToken to the sync methods (i.e. adding a new API instead of making private methods public) and IMO it's worth a thought.
If you look at ProcessAuthentication it already passes CancellationToken to the AsyncSslIOAdapter. We could pass it the same way to SyncSslIOAdapter and check for cancellation before each Read/Write operation.

Though I'm not sure if this is OK with regard to the stream state. What if we leave some bytes in the stream because we do not finish reading due to cancellation? What about the state of the server if we stop in the middle of the handshake? Will both sides be able to recover (with the assumption that the client will not continue with this particular request)?

@wfurt @alnikola @davidsh @dotnet/ncl

[davidsh]

Will both sides be able to recover?

Cancellation of an I/O operation is rarely recoverable. At the Socket layer, cancelling a pending I/O might leave the socket in a usable state. But higher-layer APIs like SslStream where cancellation is invoked usually result in the stream being unusable after that.

Do we know if canceling the async AuthenticateAsServer/Client APIs result in the stream still being usable for a subsequent authentication attempt?

[Drawaes]

If you have sent any data to the otherside it is highly unlikely you can do much but re-establish the tcp socket.

[wfurt]

I don't think we can recover if we abort in middle of the handshake. The benefit would be ability to stop and unblock synchronous call. Since the SyncSslIOAdapter has no way how to pass it down to underline stream, it would be possible only between reading TLS frames.

If overall timeout is desirable, it may be better to set it on NetworkStream/Socket before passed to SslStream constructor. That would be than applicable to each Read() operation instead to handshake as whole.

[scalablecory]

I looked into meaningfulness of adding CancellationToken to the sync methods (i.e. adding a new API instead of making private methods public) and IMO it's worth a thought.

When considering cancellation here, we should look at how it realistically interacts with how someone uses SslStream. What does cancellation look like in sync HttpClient?

Are we checking for cancellation between I/Os there too? In this case making these cancellable in the same way makes some sense. This sort of best-effort cancellation isn't the best experience when e.g. a Write() hangs, but it's better than nothing.

Are we closing the socket? In this case we already handle cancellation at a lower layer and don't need it in SslStream.