@Skip
Kestrel not returning full certificate chain .NET 6
Part 2/2
Some details about the environment:
Service
1. Server certificate type: PKCS12, provided to Kestrel
2. Runs in a container
2. Openssl version:
OpenSSL 1.1.1k FIPS 25 Mar 2021
3. .NET version: 6.0.417
.NET CLI
1. Native executable
2. Client certificate in PKCS12 format
3. Openssl version: OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
4. .NET version: 6.0.417
Typescript Client
1. Runs in vscode (as an extension) - fails on Windows and Linux
2. Node version: v18.16.0
3. Openssl version: OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023) (note that it runs on the same machine as the .NET cli)
I have found several issues online about this, notably:
- https://github.com/dotnet/aspnetcore/issues/10971
- https://github.com/dotnet/aspnetcore/issues/36202
- https://github.com/dotnet/aspnetcore/issues/43193
From what I understand this is known defect at this point, at least in .NET 6, but it's quite unclear to me whether it is address in either .NET 7 or .NET 8. Does anyone have any knowledge in this area, or have any idea where I might find some notes on this being addressed?
Thanks in advance 🙃2 replies