Perf issue: http.sys doesn't share ConnectionInfo class between requests of the same connection

[petrroll]

It might be to simplify the design (and might be infeasible to do some other way) but for http.sys (ie webserver still used by many big internal services) ConnectionInfo as well as ITlsConnectionFeature interface is tied to the instance of RequestContext which means there's new instance per each requests. Ie new instances for even requests on the same connection.

That by itself isn't an issue, but the way Task<X509Certificate2?> ITlsConnectionFeature.GetClientCertificateAsync(CancellationToken cancellationToken) works is that it tries to cache the cert on the underlying instance, which in this case is new one per each requests.

This means that code that tries to validate MTLS (very common at microsoft, and with new protocols won't be entirely going away even with HPA work (plans to be used with other protocols)) per each request (which is common by internal auth libraries) allocates the whole not small cert per each requests. When it'd be more than enough to do it per each connection.

For our service this ends up being > few percent of all allocations. And since these survive the whole requests' lifetime, they'll be bad allocs that live longer. Across whole MS it'll be a lot of memory pressure wasted.

[petrroll]

(It also limits the ability to cache the results also by the cert instance (as there seems to fresh for reach request), meaning one needs to cache by some harder to compute value)