Fix functionality on older msquic versions

dotnet · rzikm · Feb 28, 2024 · Feb 12, 2024 · Feb 12, 2024 · Feb 13, 2024
commit 2579291daa0e6e210662f906b540d8ee7d708a20
diff --git a/src/libraries/System.Net.Quic/src/System/Net/Quic/QuicConnection.SslConnectionOptions.cs b/src/libraries/System.Net.Quic/src/System/Net/Quic/QuicConnection.SslConnectionOptions.cs
@@ -66,7 +66,7 @@ public SslConnectionOptions(QuicConnection connection, bool isClient,
             _certificateChainPolicy = certificateChainPolicy;
         }
 
-        internal async void StartAsyncCertificateValidation(IntPtr certificatePtr, IntPtr chainPtr)
+        internal async Task<bool> StartAsyncCertificateValidation(IntPtr certificatePtr, IntPtr chainPtr)
         {
             //
             // The provided data pointers are valid only while still inside this function, so they need to be
@@ -154,18 +154,23 @@ internal async void StartAsyncCertificateValidation(IntPtr certificatePtr, IntPt
                 }
             }
 
-            int status = MsQuicApi.Api.ConnectionCertificateValidationComplete(
-                _connection._handle,
-                result == QUIC_TLS_ALERT_CODES.SUCCESS ? (byte)1 : (byte)0,
-                result);
-
-            if (MsQuic.StatusFailed(status))
+            if (MsQuicApi.SupportsAsyncCertValidation)
             {
-                if (NetEventSource.Log.IsEnabled())
+                int status = MsQuicApi.Api.ConnectionCertificateValidationComplete(
+                    _connection._handle,
+                    result == QUIC_TLS_ALERT_CODES.SUCCESS ? (byte)1 : (byte)0,
+                    result);
+
+                if (MsQuic.StatusFailed(status))
                 {
-                    NetEventSource.Error(_connection, $"{_connection} ConnectionCertificateValidationComplete failed with {ThrowHelper.GetErrorMessageForStatus(status)}");
+                    if (NetEventSource.Log.IsEnabled())
+                    {
+                        NetEventSource.Error(_connection, $"{_connection} ConnectionCertificateValidationComplete failed with {ThrowHelper.GetErrorMessageForStatus(status)}");
+                    }
                 }
             }
+
+            return result == QUIC_TLS_ALERT_CODES.SUCCESS;
         }
 
         private QUIC_TLS_ALERT_CODES ValidateCertificate(X509Certificate2? certificate, Span<byte> certData, Span<byte> chainData)

diff --git a/src/libraries/System.Net.Quic/src/System/Net/Quic/QuicConnection.cs b/src/libraries/System.Net.Quic/src/System/Net/Quic/QuicConnection.cs
@@ -578,7 +578,12 @@ private unsafe int HandleEventPeerCertificateReceived(ref PEER_CERTIFICATE_RECEI
         // worker threads.
         //
 
-        _sslConnectionOptions.StartAsyncCertificateValidation((IntPtr)data.Certificate, (IntPtr)data.Chain);
+        var task = _sslConnectionOptions.StartAsyncCertificateValidation((IntPtr)data.Certificate, (IntPtr)data.Chain);
+        if (task.IsCompletedSuccessfully)
+        {
+            return task.Result ? QUIC_STATUS_SUCCESS : QUIC_STATUS_BAD_CERTIFICATE;
+        }
+
         return QUIC_STATUS_PENDING;
     }