diff --git a/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs b/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs index 24b323d6f6e144..e2bc4e7c6196c9 100644 --- a/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs +++ b/src/libraries/Common/src/System/Net/Security/CertificateHelper.cs @@ -13,9 +13,9 @@ internal static partial class CertificateHelper { private const string ClientAuthenticationOID = "1.3.6.1.5.5.7.3.2"; - internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection candidateCerts) + internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection? candidateCerts) { - if (candidateCerts.Count == 0) + if (candidateCerts == null || candidateCerts.Count == 0) { return null; } @@ -26,9 +26,9 @@ internal static partial class CertificateHelper return GetEligibleClientCertificate(certs); } - internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection candidateCerts) + internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection? candidateCerts) { - if (candidateCerts.Count == 0) + if (candidateCerts == null || candidateCerts.Count == 0) { return null; } diff --git a/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs b/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs index c6a2a9faf10d24..6986db314b93ff 100644 --- a/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs +++ b/src/libraries/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs @@ -19,6 +19,7 @@ public static SslClientAuthenticationOptions ShallowClone(this SslClientAuthenti AllowRenegotiation = options.AllowRenegotiation, ApplicationProtocols = options.ApplicationProtocols != null ? new List(options.ApplicationProtocols) : null, CertificateRevocationCheckMode = options.CertificateRevocationCheckMode, + CertificateChainPolicy = options.CertificateChainPolicy, CipherSuitesPolicy = options.CipherSuitesPolicy, ClientCertificates = options.ClientCertificates, EnabledSslProtocols = options.EnabledSslProtocols, diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs b/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs index 623a7f02efe224..b1946ac4331181 100644 --- a/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs +++ b/src/libraries/System.Net.Http/src/System/Net/Http/HttpClientHandler.cs @@ -222,7 +222,7 @@ public ClientCertificateOption ClientCertificateOptions #else ThrowForModifiedManagedSslOptionsIfStarted(); _clientCertificateOptions = value; - _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(ClientCertificates)!; + _underlyingHandler.SslOptions.LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) => CertificateHelper.GetEligibleClientCertificate(_underlyingHandler.SslOptions.ClientCertificates)!; #endif break;