diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs index d5116fc0d10584..1139919bf332c0 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.cs @@ -153,7 +153,6 @@ public void Properties_AddItemToDictionary_ItemPresent() [ConditionalFact] [SkipOnPlatform(TestPlatforms.Browser, "ServerCertificateCustomValidationCallback not supported on Browser")] - [SkipOnPlatform(TestPlatforms.Android, "TargetHost cannot be set to an IPv6 address on Android because the string doesn't conform to the STD 3 ASCII rules")] public async Task GetAsync_IPv6LinkLocalAddressUri_Success() { if (IsWinHttpHandler && UseVersion >= HttpVersion20.Value) diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs index ced88b12ebce46..1a741bfc8aa6aa 100644 --- a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs +++ b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs @@ -3,12 +3,14 @@ using System.Collections.Generic; using System.IO; +using System.Linq; using System.Net.Test.Common; using System.Security.Authentication; using System.Security.Cryptography.X509Certificates; using System.Threading; using System.Threading.Tasks; using Xunit; +using Microsoft.DotNet.XUnitExtensions; namespace System.Net.Security.Tests { @@ -94,11 +96,13 @@ public async Task SslStream_ServerCallbackAndLocalCertificateSelectionSet_Throws } } - [Theory] + [ConditionalTheory] [MemberData(nameof(HostNameData))] - [ActiveIssue("https://github.com/dotnet/runtime/issues/68206", TestPlatforms.Android)] public async Task SslStream_ServerCallbackNotSet_UsesLocalCertificateSelection(string hostName) { + if (PlatformDetection.IsAndroid && hostName.ToCharArray().Any(c => !char.IsAscii(c))) + throw new SkipTestException("Android does not support non-ASCII host names"); + using X509Certificate serverCert = Configuration.Certificates.GetSelfSignedServerCertificate(); int timesCallbackCalled = 0; diff --git a/src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.c b/src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.c index c0097c9f3b998a..af87c04a4a031c 100644 --- a/src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.c +++ b/src/native/libs/System.Security.Cryptography.Native.Android/pal_trust_manager.c @@ -1,11 +1,11 @@ #include "pal_trust_manager.h" +#include -static RemoteCertificateValidationCallback verifyRemoteCertificate; +static _Atomic RemoteCertificateValidationCallback verifyRemoteCertificate; ARGS_NON_NULL_ALL void AndroidCryptoNative_RegisterRemoteCertificateValidationCallback(RemoteCertificateValidationCallback callback) { - abort_unless(verifyRemoteCertificate == NULL, "AndroidCryptoNative_RegisterRemoteCertificateValidationCallback can only be used once"); - verifyRemoteCertificate = callback; + atomic_store(&verifyRemoteCertificate, callback); } ARGS_NON_NULL_ALL jobjectArray GetTrustManagers(JNIEnv* env, intptr_t sslStreamProxyHandle) @@ -31,6 +31,7 @@ ARGS_NON_NULL_ALL jobjectArray GetTrustManagers(JNIEnv* env, intptr_t sslStreamP ARGS_NON_NULL_ALL jboolean Java_net_dot_android_crypto_DotnetProxyTrustManager_verifyRemoteCertificate( JNIEnv* env, jobject thisHandle, jlong sslStreamProxyHandle) { - abort_unless(verifyRemoteCertificate, "verifyRemoteCertificate callback has not been registered"); - return verifyRemoteCertificate((intptr_t)sslStreamProxyHandle); + RemoteCertificateValidationCallback verify = atomic_load(&verifyRemoteCertificate); + abort_unless(verify, "verifyRemoteCertificate callback has not been registered"); + return verify((intptr_t)sslStreamProxyHandle); }