[release/9.0-staging] [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation#114678
Merged
liveans merged 3 commits intodotnet:release/9.0-stagingfrom May 7, 2025
Conversation
…ll to Custom Certificate Validation
ghost
added
the
Contributor
|
Tagging subscribers to this area: @dotnet/ncl |
Contributor
There was a problem hiding this comment.
Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.
Files not reviewed (2)
- src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj: Language not supported
- src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/System.Net.Http.WinHttpHandler.Unit.Tests.csproj: Language not supported
src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/CachedCertificateValue.cs
Show resolved
Hide resolved
ManickaP
changed the title
MihaZupan
approved these changes
Apr 17, 2025
src/libraries/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs
Outdated
Show resolved
Hide resolved
Member
Author
|
Approved via email by @SteveMCarroll on 5/7 |
Member
Author
|
/azp run runtime-libraries-coreclr outerloop |
|
Azure Pipelines successfully started running 1 pipeline(s). |
3 tasks
Member
Author
|
/ba-g test failure is unrelated: #115359 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #111791 to release/9.0-staging
Customer Impact
Reported by customer (Identity team) - it was blocking their migration to WinHttpHandler and gRPC on .NET Framework (as first step of migration to .NET).
They reported slow performance due to creation of certificate chain in
CertificateValidationCallbackon each request.This change caches certificate chain per connection as an opt-in feature (the default path is not affected).
They observed perf improvements on privates from %17.2 CPU to %0.61.
Regression
No - it was behaving this way since WinHttpHandler OOB package was introduced during .NET Core 1.0 shipping in 2016.
Testing
CI + Manual testing
Customer validated private bits against 9.0 servicing branch.
Risk
Low: This is under a feature switch (opt-in), it will not affect customers unless they enable the switch and opt-in into the feature.