Skip to content

SslServerAuthenticationOptions - update documentation #4367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Jun 18, 2020
Merged

SslServerAuthenticationOptions - update documentation #4367

Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
a4a1c55
SslServerAuthenticationOptions - update documentation
Jun 11, 2020
119b696
Fix see reference
Jun 11, 2020
8239f0d
apply PR comments
Jun 15, 2020
64fdfc0
Merge remote-tracking branch 'upstream/master' into jajahoda/SslServe…
Jun 15, 2020
229a81d
apply PR comments
Jun 15, 2020
e76b2cf
Merge remote-tracking branch 'upstream/master' into jajahoda/SslServe…
Jun 17, 2020
c6e118f
Extend sslApplicationProtocol remark
Jun 17, 2020
8887daa
add default value for ApplicationProtocols
Jun 17, 2020
02648a0
fix closing tag
Jun 17, 2020
f3c6625
fix closing tag
Jun 17, 2020
a530e18
apply review commevts
Jun 17, 2020
9921593
Apply PR comments
Jun 18, 2020
7d43391
remove an article
Jun 18, 2020
27ea1db
remove an article
Jun 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
SslServerAuthenticationOptions - update documentation
  • Loading branch information
Jan Jahoda committed Jun 11, 2020
commit a4a1c5510a2c98d8a32acd4c9235ed735945ff48
54 changes: 37 additions & 17 deletions xml/System.Net.Security/SslServerAuthenticationOptions.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,15 @@
</Base>
<Interfaces />
<Docs>
<summary>To be added.</summary>
<remarks>To be added.</remarks>
<summary>This struct represents a server authentication property bag for the <see cref="T:System.Net.Security.SslStream" />.</summary>
<remarks>
<format type="text/markdown"><![CDATA[

## Remarks
This property bag is used as argument for <xref:System.Net.Security.SslStream.AuthenticateAsServer%2A>, or <xref:System.Net.Security.SslStream.BeginAuthenticateAsServer%2A>.

]]></format>
</remarks>
</Docs>
<Members>
<Member MemberName=".ctor">
Expand All @@ -46,7 +53,7 @@
</AssemblyInfo>
<Parameters />
<Docs>
<summary>To be added.</summary>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslServerAuthenticationOptions" /> class.</summary>
<remarks>To be added.</remarks>
</Docs>
</Member>
Expand All @@ -72,8 +79,8 @@
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<value>To be added.</value>
<summary>Gets or sets a value that indicates whether the <see:System.Net.Security.SslStream> should allow SSL renegotiation.</summary>
<value><see langword="true" /> to indicate that the <see cref="T:System.Net.Security.SslStream" /> allow SSL renegotiation; otherwise, <see langword="false" />. The default value is <see langword="true" />.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
Expand All @@ -99,7 +106,7 @@
<ReturnType>System.Collections.Generic.List&lt;System.Net.Security.SslApplicationProtocol&gt;</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<summary>Gets or sets a list of <see cref="T:System.Net.Security.SslApplicationProtocol" />.</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
Expand All @@ -126,9 +133,20 @@
<ReturnType>System.Security.Cryptography.X509Certificates.X509RevocationMode</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
<summary>Gets or sets the certificate revocation mode for certificate validation.</summary>
<value>One of the values in <see cref="T:System.Security.Cryptography.X509Certificates.X509RevocationMode" />: <see langword="NoCheck" />, <see langword="Online" />, or <see langword="Offline" />. The default is <see langword="Online" />.</value>
<remarks>
<format type="text/markdown"><![CDATA[

## Remarks
When using certificates, the system validates that the client certificate is not revoked, by checking that the client certificate is not in the revoked certificate list. This check can be performed either by checking online or by checking against a cached revocation list. Revocation checking can be turned off by setting this property to <xref:System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck>.

For more information, see [Working with Certificates](/dotnet/framework/wcf/feature-details/working-with-certificates).

]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
The value contains an invalid enumeration value.</exception>
</Docs>
</Member>
<Member MemberName="CipherSuitesPolicy">
Expand Down Expand Up @@ -179,7 +197,7 @@
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<summary>Gets or sets a <see cref="T:System.Boolean" /> value that specifies whether the client is asked for a certificate for authentication. Note that this is only a request -- if no certificate is provided, the server still accepts the connection request.</summary>
Copy link
Member

@ManickaP ManickaP Jun 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can skip the <see cref="T:System.Boolean" /> here.

a certificate for authentication --> an authentication certificate maybe???

if no certificate is provided, the server still accepts the connection request. really? I'm looking into some of ours code using this property and it doesn't seem to me like that. But I might be reading the code wrong, or looking at the wrong place, so feel free to disregard this.

Copy link
Contributor Author

@aik-jahoda aik-jahoda Jun 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I borrowed it from there: https://review.docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.authenticateasserverasync?view=netcore-1.1&branch=pr-en-us-4350#System_Net_Security_SslStream_AuthenticateAsServerAsync_System_Security_Cryptography_X509Certificates_X509Certificate_System_Boolean_System_Security_Authentication_SslProtocols_System_Boolean_ . The enabledSslProtocols parameter has the same meaning as SslServerAuthenticationOptions.ClientCertificateRequired in overloaded AuthenticateAsServerXXX

<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
Expand All @@ -206,8 +224,8 @@
<ReturnType>System.Security.Authentication.SslProtocols</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<value>To be added.</value>
<summary>Gets or sets the <see cref="T:System.Security.Authentication.SslProtocols" /> value that represents the protocol used for authentication.</summary>
<value>The default value is <see cref="F:System.Security.Authentication.SslProtocols.None" /></value>
<remarks>To be added.</remarks>
</Docs>
</Member>
Expand All @@ -233,9 +251,11 @@
<ReturnType>System.Net.Security.EncryptionPolicy</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<value>To be added.</value>
<summary>Gets or sets the <see cref="T:System.Net.Security.EncryptionPolicy" />.</summary>
<value>The default value is <see cref="F:System.Net.Security.EncryptionPolicy.RequireEncryption" /></value>
<remarks>To be added.</remarks>
<exception cref="T:System.ArgumentException">
The value contains an invalid enumeration value.</exception>
</Docs>
</Member>
<Member MemberName="RemoteCertificateValidationCallback">
Expand All @@ -260,7 +280,7 @@
<ReturnType>System.Net.Security.RemoteCertificateValidationCallback</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<summary>Gets or sets a <see cref="T:System.Net.Security.RemoteCertificateValidationCallback" /> delegate responsible for validating the certificate supplied by the remote party.</summary>
Copy link
Member

@ManickaP ManickaP Jun 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The callback is used as certificate validation override, i.e. the user can provide their own logic to validate the certificate instead of using the default behavior, see: https://github.com/dotnet/runtime/blob/master/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs#L1007.

It will still work if nothing is provided.

<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
Expand All @@ -287,7 +307,7 @@
<ReturnType>System.Security.Cryptography.X509Certificates.X509Certificate</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<summary>Gets or sets the server certificate.</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
Expand All @@ -314,7 +334,7 @@
<ReturnType>System.Net.Security.ServerCertificateSelectionCallback</ReturnType>
</ReturnValue>
<Docs>
<summary>To be added.</summary>
<summary>Gets or sets the <see cref="T:System.Net.Security.ServerCertificateSelectionCallback" /> delegate responsible for the server certificate selection.</summary>
<value>To be added.</value>
<remarks>To be added.</remarks>
</Docs>
Expand Down