Skip to content

[release/6.0-preview3] [AndroidCrypto] Implement X509 chain building - port of #49532#50135

Merged
Anipik merged 1 commit intodotnet:release/6.0-preview3from
elinor-fung:chain-android-port
Mar 29, 2021
Merged

[release/6.0-preview3] [AndroidCrypto] Implement X509 chain building - port of #49532#50135
Anipik merged 1 commit intodotnet:release/6.0-preview3from
elinor-fung:chain-android-port

Conversation

@elinor-fung
Copy link
Member

@elinor-fung elinor-fung commented Mar 23, 2021
edited
Loading

Port of #49532 to release/6.0-preview3

Customer Impact

With #50107, the OpenSSL dependency will be removed from Android. This change enables X.509 certificate chain building functionality without OpenSSL on Android. The general effort around AndroidCrypto is on-going, but this will allow the major parts of System.Security.Cryptography to be in preview3.

Testing

Tests in System.Security.Cryptography.X509Certificates for cert chains pass - except for one (fails to build a chain when it should succeed - would also fail without this change).

Risk

While the change itself is large, it is targeted to functionality didn't exist on Android the way it will actually ship (without OpenSSL), so the risk of breaking existing things is low.

cc @steveisok

@ghost ghost added the area-System.Security label Mar 23, 2021
@ghost
Copy link

ghost commented Mar 23, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Port of #49532 to release/6.0-preview3

Customer Impact

With #50107, the OpenSSL dependency will be removed from Android. This change enables X.509 certificate chain building functionality without OpenSSL on Android. The general effort around AndroidCrypto is on-going, but this will allow the major parts of System.Security.Cryptography to be in preview3.

Testing

Tests in System.Security.Cryptography.X509Certificates for cert chains pass - except for one (fails to build a chain when it should succeed - would also fail without this change).

Risk

While the change itself is large, it is targeted to functionality didn't exist on Android the way it will actually ship (without OpenSSL), so the risk of breaking existing things is low.

Author: elinor-fung
Assignees: -
Labels:

area-System.Security
Milestone: -

@steveisok steveisok requested review from Anipik and marek-safar March 23, 2021 22:34
@steveisok steveisok added the Servicing-consider Issue for next servicing release review label Mar 25, 2021
@leecow leecow added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 25, 2021
@leecow leecow added this to the 6.0.0 milestone Mar 25, 2021
@Anipik
Copy link
Contributor

Anipik commented Mar 25, 2021

can we get a Code review here before merging as it was not ported using the backport tool ?

@steveisok steveisok self-requested a review March 25, 2021 19:03
@Anipik Anipik merged commit 58cf4f2 into dotnet:release/6.0-preview3 Mar 29, 2021
@elinor-fung elinor-fung deleted the chain-android-port branch April 8, 2021 17:41
@ghost ghost locked as resolved and limited conversation to collaborators May 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@steveisok steveisok steveisok approved these changes

@Anipik Anipik Awaiting requested review from Anipik

@marek-safar marek-safar Awaiting requested review from marek-safar

Assignees

No one assigned

Labels

area-System.Security Servicing-approved Approved for servicing release

Projects

None yet

Milestone

6.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@elinor-fung @Anipik @steveisok @leecow