Add TLS 1.3 support and remove TLS 1.0 and 1.1 support in edgeHub (#7173)

- Updates .NET Standard modules to .NET 6 (required for TLS 1.3 support)
- Removes support for TLS 1.0 and 1.1 and adds support for TLS 1.3. The default setting for edgeHub is to enable both TLS 1.2 and 1.3.
- Removes the unused `min_tls_version` setting from aziot-edged.

Although removing TLS 1.0 and 1.1 is a breaking change for users, these versions are deprecated everywhere and should be removed. Furthermore, current versions of edgeHub already do not support TLS 1.0/1.1 due to being built against a version of openssl that disables TLS 1.0/1.1 support, so in reality edgeHub has already dropped support for TLS 1.0/1.1.
Gordon Wang 2023-12-11 14:59:21 -05:00 коммит произвёл GitHub
Родитель f0ab49325b
Коммит 891d701a82
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
96 изменённых файлов: 123 добавлений и 414 удалений


@ -1,6 +1,6 @@
# Edge Agent and Edge Hub Environment Variables
Use the following environment variables to configure the Edge Agent and Edge Hub services. These variables are used in the [deployment manifest](https://learn.microsoft.com/en-us/azure/iot-edge/module-composition) to configure the Edge Agent and Edge Hub modules.
Use the following environment variables to configure the Edge Agent and Edge Hub services. These variables are used in the [deployment manifest](https://learn.microsoft.com/en-us/azure/iot-edge/module-composition) to configure the Edge Agent and Edge Hub modules.
You can set Edge Agent and Edge Hub environment variables in the Azure portal. In the details page for your IoT Edge device, select **Set Modules**. In the **IoT Edge Modules** section, select **Runtime Settings**. Choose the **Edge Agent** or **Edge Hub** tab for the module's environment variable you want to set. Add the variable detail in the **Environment Variables** section. Apply and create the deployment for the device.
@ -90,7 +90,7 @@ You can set Edge Agent and Edge Hub environment variables in the Azure portal. I
| RocksDB_MaxManifestFileSize | Max size of a RocksDB MANIFEST file before it's rolled over | ulong | |
| RuntimeLogLevel | Runtime diagnostic logging level | fatal, error, warning, info, debug, verbose | info |
| ShutdownWaitPeriod | Seconds to wait on shutdown before hard termination | int32 | 60 |
| SslProtocols | TLS protocol(s) to be supported | tls1.0, tls1.1, tls1.2, or any combination thereof separated by comma | tls1.2 |
| SslProtocols | TLS protocol(s) to be supported | tls1.2, tls1.3, or any combination thereof separated by comma | tls1.2,tls1.3 |
| Storage_LogLevel | RocksDB diagnostic log level | NONE, FATAL, HEADER, ERROR, WARN, INFO, DEBUG | NONE |
| StorageFolder | Path to place the EdgeHub databases directory | string | TempPath of the current OS |
| UpstreamFanOutFactor | Max number of message groups to concurrently process for sending, grouped by sender | int32 | 10 |


@ -40,7 +40,7 @@
"value": "<proxyAddress>"
},
"SslProtocols": {
"value": "tls1.2"
"value": "tls1.2,tls1.3"
}
},
"status": "running",
@ -95,4 +95,4 @@
}
}
}
}
}


@ -104,7 +104,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Core
hashCode = (hashCode * 397) ^ (this.Runtime != null ? this.Runtime.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ (this.SystemModules != null ? this.SystemModules.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ (this.Modules != null ? this.Modules.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ (this.Integrity != null ? this.Integrity.GetHashCode() : 0);
hashCode = (hashCode * 397) ^ this.Integrity.GetHashCode();
return hashCode;
}
}
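Review bot: The rewritten last term calls `this.Integrity.GetHashCode()` without the null guard that the three fields above it keep, so it throws if `Integrity` can ever be a null reference. If `Integrity` is a value type (for example an option struct), which this hunk does not show, the change is fine, and a short comment such as `// Integrity is a struct and can never be null` would record why it is treated differently from its neighbours. The method starts outside the hunk.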


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -32,7 +32,7 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
<Target Name="ChangeAliasOfAkkaNet" BeforeTargets="FindReferenceAssembliesForReferences;ResolveReferences">


@ -109,7 +109,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Core.Planner
plan.AddRange(commands);
}
// If we need to premept the constructed plan with image pull
// If we need to preempt the constructed plan with image pull
// commands, do so here.
plan = upfrontImagePullPlan.Concat(plan).ToList();


@ -162,12 +162,12 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Diagnostics
return false;
}
}
catch (Exception ex)
catch
{
// If unexpected error publishing metrics, delete stored ones to prevent storage buildup.
Log.LogError($"Unexpected error publishing metrics. Deleting stored metrics.");
await this.storage.RemoveAllReturnedMetricsAsync();
throw ex;
throw;
}
}
}
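Review bot: The bare `catch` no longer has access to the exception, and the `Log.LogError` call inside it records only a fixed message, so the reason the stored metrics were deleted never reaches the log. Assuming `Log` is a Microsoft.Extensions.Logging `ILogger`, keeping the variable and handing it to the logger preserves that evidence while still rethrowing with the original stack: `catch (Exception ex)`, `Log.LogError(ex, "Unexpected error publishing metrics. Deleting stored metrics.");`, `throw;`. Logging first also matters because a failure inside `RemoveAllReturnedMetricsAsync()` would replace the original exception. The enclosing method starts outside the hunk.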


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -25,6 +25,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -19,6 +19,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -21,6 +21,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -98,8 +98,8 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Edgelet.Versioning
string baseUrl = HttpClientHelper.GetBaseUrl(this.ManagementUri).TrimEnd('/');
var logsUrl = new StringBuilder();
logsUrl.AppendFormat(CultureInfo.InvariantCulture, LogsUrlTemplate, baseUrl, module, this.Version.Name, follow.ToString().ToLowerInvariant());
since.ForEach(s => logsUrl.AppendFormat($"&{LogsUrlSinceParameter}={Uri.EscapeUriString(s)}"));
until.ForEach(u => logsUrl.AppendFormat($"&{LogsUrlUntilParameter}={Uri.EscapeUriString(u)}"));
since.ForEach(s => logsUrl.AppendFormat($"&{LogsUrlSinceParameter}={Uri.EscapeDataString(s)}"));
until.ForEach(u => logsUrl.AppendFormat($"&{LogsUrlUntilParameter}={Uri.EscapeDataString(u)}"));
includeTimestamp.ForEach(b => logsUrl.AppendFormat($"&{LogsIncludeTimestampParameter}={b.ToString().ToLower()}"));
if (!(tail.HasValue && since.HasValue && until.HasValue))
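Review bot: The two new lines still call `logsUrl.AppendFormat(...)` with an already interpolated string as the format, so the escaped query value is parsed a second time as a composite format string. `Uri.EscapeDataString` percent-encodes braces, so this works today, but `Append` states the intent and removes that dependency: `since.ForEach(s => logsUrl.Append($"&{LogsUrlSinceParameter}={Uri.EscapeDataString(s)}"));`, and the same for `until`. The following line uses `ToLower()` where the line above the change uses `ToLowerInvariant()`; making them consistent is cheap. The method starts and ends outside the hunk.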


@ -585,7 +585,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.IoTHub
{
this.deploymentMetrics.ReportTwinSignatureResult(false);
Events.ExtractAgentTwinAndVerifyFailed(ex);
throw ex;
throw;
}
}


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -23,6 +23,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -229,7 +229,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.IoTHub
public static void ExceptionInHandleException(ModuleClient moduleClient, Exception ex, Exception e)
{
Log.LogWarning((int)EventIds.ExceptionInHandleException, "Encountered error - {e} while trying to handle error {ex.Message}");
Log.LogWarning((int)EventIds.ExceptionInHandleException, "Encountered error - {0} while trying to handle error {1}", e, ex.Message);
}
public static void ErrorClosingClient(Exception ex)
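Review bot: The corrected call passes `e` as a format argument, so the logger receives it only as text and not as the exception attached to the event. Assuming `Log` is a Microsoft.Extensions.Logging `ILogger`, put it in the exception slot and name the placeholder: `Log.LogWarning((int)EventIds.ExceptionInHandleException, e, "Encountered error while trying to handle error {OriginalError}", ex.Message);`. The `moduleClient` parameter is unused in the lines shown.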


@ -1,5 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -22,6 +22,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\stylecop.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -23,6 +23,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\stylecop.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<LangVersion>latest</LangVersion>
@ -46,6 +46,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\stylecop.props" />
</Project>


@ -323,7 +323,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Core.Config
{
Metrics.ReportTwinSignatureResult(false);
Events.ExtractHubTwinAndVerifyFailed(ex);
throw ex;
throw;
}
}


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -36,6 +36,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\stylecop.props" />
</Project>


@ -27,7 +27,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Service
public class Program
{
const int DefaultShutdownWaitPeriod = 60;
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12;
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
public static int Main()
{


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -10,7 +10,7 @@
</PropertyGroup>
<PropertyGroup>
<!-- on windows, if you've done an flat download(xcopy install) of openjdk without really installing it or adding it to your path add a props file
<!-- on windows, if you've done an flat download(xcopy install) of openjdk without really installing it or adding it to your path add a props file
to %localappdata%\Microsoft\MSBuild\(toolversion)\Imports\Microsoft.Common.props\ImportBefore\OpenJDK.props> that defines
the JDK paths with trailing slashes. otherwise everything works the way it always has
-->
@ -108,6 +108,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\stylecop.props" />
</Project>


@ -30,7 +30,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Amqp.Test
{
const bool clientCertsAllowed = true;
X509Certificate2 tlsCertificate = CertificateHelper.GenerateSelfSignedCert("TestCert");
var transportSettings = new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), SslProtocols.Tls12);
var transportSettings = new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), SslProtocols.Tls12 | SslProtocols.Tls13);
AmqpSettings amqpSettings = AmqpSettingsProvider.GetDefaultAmqpSettings(IotHubHostName, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), Mock.Of<ILinkHandlerProvider>(), Mock.Of<IConnectionProvider>(), new NullCredentialsCache());
var transportListenerProvider = new Mock<ITransportListenerProvider>();
var webSockerListenerRegistry = new Mock<IWebSocketListenerRegistry>();


@ -25,20 +25,20 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Amqp.Test
var credentialsProvider = Mock.Of<IClientCredentialsFactory>();
var autheticator = Mock.Of<IAuthenticator>();
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(null, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(string.Empty, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(" ", HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, null, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, string.Empty, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, " ", Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, -1, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, 70000, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, null, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, null, credentialsProvider, SslProtocols.Tls12));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, null, SslProtocols.Tls12));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(null, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(string.Empty, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(" ", HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, null, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, string.Empty, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, " ", Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, -1, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, 70000, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, null, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, null, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, null, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, !clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, !clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
}
}
}


@ -23,7 +23,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
public class ProtocolHeadFixture : IDisposable
{
const SslProtocols DefaultSslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
readonly SslProtocols sslProtocols;
IProtocolHead protocolHead;


@ -18,7 +18,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
public SslProtocolsTest()
{
this.protocolHead = EdgeHubFixtureCollection.GetFixture(SslProtocols.Tls12);
this.protocolHead = EdgeHubFixtureCollection.GetFixture(SslProtocols.Tls13);
}
public async void Dispose() => await (this.protocolHead?.CloseAsync() ?? Task.CompletedTask);
@ -29,22 +29,17 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
int httpsPort = 443;
int amqpsPort = 5671;
int mqttPort = 8883;
SslProtocols validProtocol = SslProtocols.Tls12;
SslProtocols invalidProtocol1 = SslProtocols.Tls;
SslProtocols invalidProtocol2 = SslProtocols.Tls11;
SslProtocols validProtocol = SslProtocols.Tls13;
SslProtocols invalidProtocol = SslProtocols.Tls12;
Option<Type> expectedException = Option.Some(typeof(AuthenticationException));
TestConnection(httpsPort, validProtocol, Option.None<Type>());
TestConnection(amqpsPort, validProtocol, Option.None<Type>());
TestConnection(mqttPort, validProtocol, Option.None<Type>());
TestConnection(httpsPort, invalidProtocol1, expectedException);
TestConnection(amqpsPort, invalidProtocol1, expectedException);
TestConnection(mqttPort, invalidProtocol1, expectedException);
TestConnection(httpsPort, invalidProtocol2, expectedException);
TestConnection(amqpsPort, invalidProtocol2, expectedException);
TestConnection(mqttPort, invalidProtocol2, expectedException);
TestConnection(httpsPort, invalidProtocol, expectedException);
TestConnection(amqpsPort, invalidProtocol, expectedException);
TestConnection(mqttPort, invalidProtocol, expectedException);
}
static void TestConnection(int port, SslProtocols protocol, Option<Type> expectedException)
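Review bot: After this change the test only proves that a TLS 1.3-only listener rejects TLS 1.2; the assertions that TLS 1.0 and TLS 1.1 clients are refused on ports 443, 5671 and 8883 are gone, although refusing them is the stated purpose of the commit. Keeping one legacy case per port, for example `TestConnection(httpsPort, SslProtocols.Tls11, expectedException);`, guards against the old protocols being re-enabled by a later default or parser change. A second fixture built with the new default `SslProtocols.Tls12 | SslProtocols.Tls13` would cover the configuration deployments actually run. Separately, `public async void Dispose()` cannot be awaited by the test runner, so a failure in `CloseAsync()` goes unobserved.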


@ -4,9 +4,9 @@
</PropertyGroup>
<PropertyGroup>
<TargetFramework>netstandard2.0</TargetFramework>
<TargetFramework>net6.0</TargetFramework>
</PropertyGroup>
<PropertyGroup>
<AssemblyName>Microsoft.Azure.WebJobs.Extensions.EdgeHub</AssemblyName>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -50,6 +50,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\..\..\stylecop.props" />
</Project>


@ -68,7 +68,7 @@ namespace Microsoft.Azure.Devices.Edge.Azure.Monitor.FixedSetTableUpload
using (var handler = new HttpClientHandler())
{
handler.ClientCertificates.Add(cert);
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13;
handler.PreAuthenticate = true;
handler.ClientCertificateOptions = ClientCertificateOption.Manual;


@ -1,7 +1,7 @@
<!--EXTERNAL_PROPERTIES: RocksDbAsPackage-->
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -35,6 +35,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -21,6 +21,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -22,7 +22,7 @@ namespace Microsoft.Azure.Devices.Edge.Util
public static string GetSha256Thumbprint(X509Certificate2 cert)
{
Preconditions.CheckNotNull(cert);
using (var sha256 = new SHA256Managed())
using (var sha256 = SHA256.Create())
{
byte[] hash = sha256.ComputeHash(cert.RawData);
return ToHexString(hash);
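Review bot: If this project now targets .NET 6, as the commit description says, the `using` block around `SHA256.Create()` can be replaced by the static one-shot API, which needs no disposable instance: `byte[] hash = SHA256.HashData(cert.RawData);`. This is a style point only; the thumbprint value is unchanged. The method body continues outside the hunk.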


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -38,6 +38,6 @@
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -10,29 +10,22 @@ namespace Microsoft.Azure.Devices.Edge.Util
{
public static bool VerifySignature(string payload, string header, byte[] signatureBytes, X509Certificate2 signerCert, string algorithmScheme, HashAlgorithmName hashAlgorithm)
{
try
{
byte[] canonicalizedFinalData = GetCanonicalizedInputBytes(payload, header);
byte[] canonicalizedFinalData = GetCanonicalizedInputBytes(payload, header);
if (algorithmScheme == "ES")
{
ECDsa eCDsa = signerCert.GetECDsaPublicKey();
return eCDsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm);
}
else if (algorithmScheme == "RS")
{
RSA rsa = signerCert.GetRSAPublicKey();
RSASignaturePadding rsaSignaturePadding = RSASignaturePadding.Pkcs1;
return rsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm, rsaSignaturePadding);
}
else
{
throw new TwinSignatureAlgorithmException("DSA Algorithm Type not supported");
}
}
catch (Exception ex)
if (algorithmScheme == "ES")
{
throw ex;
ECDsa eCDsa = signerCert.GetECDsaPublicKey();
return eCDsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm);
}
else if (algorithmScheme == "RS")
{
RSA rsa = signerCert.GetRSAPublicKey();
RSASignaturePadding rsaSignaturePadding = RSASignaturePadding.Pkcs1;
return rsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm, rsaSignaturePadding);
}
else
{
throw new TwinSignatureAlgorithmException("DSA Algorithm Type not supported");
}
}
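Review bot: `signerCert.GetECDsaPublicKey()` and `signerCert.GetRSAPublicKey()` return null when the certificate does not carry a key of that type, so a mismatch between `algorithmScheme` and the signer certificate ends in a `NullReferenceException` instead of a verification error the caller can recognise. Both key objects are also `IDisposable` and are never disposed. A line such as `using ECDsa eCDsa = signerCert.GetECDsaPublicKey() ?? throw new TwinSignatureAlgorithmException("Signer certificate has no ECDSA public key");` addresses both, with the same pattern for RSA. The message in the final `else` says "DSA" although the unsupported value is whatever was passed in `algorithmScheme`, which is worth including in the text.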


@ -13,8 +13,8 @@ namespace Microsoft.Azure.Devices.Edge.Util
// Examples:
// Tls1.2
// Tls12
// Tls11, Tls12
// Tls1.1, Tls1.2
// Tls12, Tls13
// Tls1.2, Tls1.3
public static SslProtocols Parse(string protocols, SslProtocols defaultSslProtocols, ILogger logger)
{
if (string.IsNullOrEmpty(protocols))
@ -48,21 +48,16 @@ namespace Microsoft.Azure.Devices.Edge.Util
{
var sslProtocolsList = new List<string>();
if ((sslProtocols & SslProtocols.Tls) > 0)
{
sslProtocolsList.Add($"{SslProtocols.Tls}");
}
if ((sslProtocols & SslProtocols.Tls11) > 0)
{
sslProtocolsList.Add($"{SslProtocols.Tls11}");
}
if ((sslProtocols & SslProtocols.Tls12) > 0)
{
sslProtocolsList.Add($"{SslProtocols.Tls12}");
}
if ((sslProtocols & SslProtocols.Tls13) > 0)
{
sslProtocolsList.Add($"{SslProtocols.Tls13}");
}
return sslProtocolsList.Count > 0 ? string.Join(", ", sslProtocolsList) : $"{SslProtocols.None}";
}
@ -71,26 +66,18 @@ namespace Microsoft.Azure.Devices.Edge.Util
{
switch (protocol.ToLowerInvariant())
{
case "tls":
case "tls1":
case "tls10":
case "tls1.0":
case "tls1_0":
case "tlsv10":
sslProtocol = SslProtocols.Tls;
return true;
case "tls11":
case "tls1.1":
case "tls1_1":
case "tlsv11":
sslProtocol = SslProtocols.Tls11;
return true;
case "tls12":
case "tls1.2":
case "tls1_2":
case "tlsv12":
sslProtocol = SslProtocols.Tls12;
return true;
case "tls13":
case "tls1.3":
case "tls1_3":
case "tlsv13":
sslProtocol = SslProtocols.Tls13;
return true;
}
sslProtocol = default(SslProtocols);
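Review bot: `Print` now reports only the TLS 1.2 and TLS 1.3 bits, so a value that still carries `SslProtocols.Tls` or `SslProtocols.Tls11` (for instance through the `defaultSslProtocols` argument of `Parse`) is rendered as if those protocols were off. For a helper whose output presumably ends up in logs describing the enabled protocols, under-reporting is worse than the old verbose output. Appending whatever is left keeps the output accurate without naming the legacy members: `var other = sslProtocols & ~(SslProtocols.Tls12 | SslProtocols.Tls13);` followed by `if (other != SslProtocols.None) { sslProtocolsList.Add($"{other}"); }`. The parsing function in the last hunk starts and ends outside it.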


@ -30,7 +30,7 @@ namespace Microsoft.Azure.Devices.Edge.Util.Uds
// request-line = method SP request-target SP HTTP-version CRLF
builder.Append(request.Method);
builder.Append(SP);
builder.Append(request.RequestUri.IsAbsoluteUri ? request.RequestUri.PathAndQuery : Uri.EscapeUriString(request.RequestUri.ToString()));
builder.Append(request.RequestUri.IsAbsoluteUri ? request.RequestUri.PathAndQuery : Uri.EscapeDataString(request.RequestUri.ToString()));
builder.Append(SP);
builder.Append($"{Protocol}{ProtocolVersionSeparator}");
builder.Append(new Version(1, 1).ToString(2));
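Review bot: For a relative `RequestUri`, the new `Uri.EscapeDataString(request.RequestUri.ToString())` percent-encodes the whole string, including `/`, `?`, `=` and `&`, so the request-target written to the request line loses its path and query structure; `EscapeUriString` left those characters alone. If relative URIs can reach this branch (the hunk does not show the callers), resolving against a placeholder base and taking the escaped path and query keeps the target well-formed while retaining the escaping that `Uri` applies: `new Uri(new Uri("http://localhost"), request.RequestUri).PathAndQuery`. The method starts and ends outside the hunk.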


@ -1,5 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
</Project>


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<ItemGroup>
<ProjectReference Include="..\es6numberserializer\es6numberserializer.csproj" />


@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\..\netstandardVersion.props" />
<Import Project="..\..\..\netcoreappVersion.props" />
<PropertyGroup>
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
@ -50,6 +50,6 @@
</ItemGroup>
<PropertyGroup>
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
</PropertyGroup>
<Import Project="..\..\..\stylecop.props" />
</Project>


@ -17,15 +17,14 @@ namespace Microsoft.Azure.Devices.Edge.Util.Test
[InlineData("Tls1.2", SslProtocols.None, SslProtocols.Tls12)]
[InlineData("Tls12", SslProtocols.None, SslProtocols.Tls12)]
[InlineData("Tls12, Tls1.2", SslProtocols.None, SslProtocols.Tls12)]
[InlineData("Tls11, Tls12", SslProtocols.None, SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("Tls1.1, Tls1.2, foo, Tls", SslProtocols.Tls12, SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls)]
[InlineData("Tls, Tls1.1, Tls1.2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("tls, tls11, tls12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("Tls, Tls11, Tls12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("tls1_0, tls1_1, tls1_2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("Tls1_0, Tls1_1, Tls1_2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("tlsv10, tlsv11, tlsv12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("Tlsv10, Tlsv11, Tlsv12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
[InlineData("Tls12, Tls13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("Tls1.2, foo, Tls1.3", SslProtocols.Tls12, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("Tls1.2, Tls1.3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("tls12, tls13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("tls1_2, tls1_3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("Tls1_2, Tls1_3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("tlsv12, tlsv13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("Tlsv12, Tlsv13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
[InlineData("TLS12", SslProtocols.None, SslProtocols.Tls12)]
public void ParseTest(string input, SslProtocols defaultSslProtocols, SslProtocols expectedSslProtocols)
{
@ -34,10 +33,9 @@ namespace Microsoft.Azure.Devices.Edge.Util.Test
}
[Theory]
[InlineData(SslProtocols.Tls, "Tls")]
[InlineData(SslProtocols.Tls11, "Tls11")]
[InlineData(SslProtocols.Tls12, "Tls12")]
[InlineData(SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, "Tls, Tls11, Tls12")]
[InlineData(SslProtocols.Tls13, "Tls13")]
[InlineData(SslProtocols.Tls12 | SslProtocols.Tls13, "Tls12, Tls13")]
public void PrintTest(SslProtocols sslProtocols, string expectedString)
{
Assert.Equal(expectedString, sslProtocols.Print());
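Review bot: The `ParseTest` data no longer contains any legacy name, so nothing pins what happens when an existing deployment still sets `SslProtocols` to a value such as `tls1.1,tls1.2`. Judging by the retained `foo` case, unrecognised names are skipped, which would make `[InlineData("Tls1.1, Tls1.2", SslProtocols.None, SslProtocols.Tls12)]` the expected behaviour; adding it, plus a case where every name is legacy, documents that old settings cannot re-enable TLS 1.0 or 1.1. Both test methods continue outside the hunks.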


@ -153,7 +153,7 @@ In order to locally run aziot-edged, there is a dependency on running Azure IoT
3. Make directories and chown them to your user
```sh
mkdir -p /run/aziot /var/lib/aziot/{keyd,certd,identityd,edged} /var/lib/iotedge /etc/aziot/{keyd,certd,identityd,tpmd,edged}/config.d
chown -hR $USER /run/aziot /var/lib/aziot/ /var/lib/iotedge /etc/aziot/
```
4. Copy Provisioning File and Fill out the provisioning parameters. Example : For Provisioning via Symmetric Keys Use [these instructions](https://docs.microsoft.com/en-us/azure/iot-edge/how-to-provision-single-device-linux-symmetric?view=iotedge-2020-11&tabs=azure-portal%2Cubuntu)
@ -172,7 +172,6 @@ In order to locally run aziot-edged, there is a dependency on running Azure IoT
[listen]
workload_uri = "unix:///var/run/iotedge/workload.sock"
management_uri = "unix:///var/run/iotedge/management.sock"
min_tls_version = "tls1.0"
```
This is because when running locally or without systemd, LISTEN_FDNAMES environment variable is not passed to aziot-edged and hence we explicitly need to specify the listen sockets.
@ -210,11 +209,11 @@ cargo test --all
### Run Code Coverage Checks
In order to run Code Coverage Checks locally do the following
In order to run Code Coverage Checks locally do the following
```sh
#Run From the Edgelet Directory
cd edgelet
cd edgelet
#One Time Setup Only.
cargo install cargo-tarpaulin
@ -234,7 +233,7 @@ You should see an output like this
|| support-bundle/src/runtime_util.rs: 0/18
|| support-bundle/src/shell_util.rs: 0/117
|| support-bundle/src/support_bundle.rs: 0/50
||
||
46.28% coverage, 2993/6467 lines covered
```


@ -36,8 +36,6 @@ impl Default for Connect {
pub struct Listen {
pub workload_uri: url::Url,
pub management_uri: url::Url,
#[serde(default)]
pub min_tls_version: MinTlsVersion,
}
impl Listen {
@ -64,10 +62,6 @@ impl Listen {
pub fn management_uri(&self) -> &url::Url {
&self.management_uri
}
pub fn min_tls_version(&self) -> MinTlsVersion {
self.min_tls_version
}
}
impl Default for Listen {
@ -82,119 +76,6 @@ impl Default for Listen {
management_uri: management_uri
.parse()
.expect("failed to parse management uri"),
min_tls_version: MinTlsVersion::default(),
}
}
}
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq)]
pub enum MinTlsVersion {
#[default]
Tls10,
Tls11,
Tls12,
}
impl std::fmt::Display for MinTlsVersion {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
MinTlsVersion::Tls10 => write!(f, "TLS 1.0"),
MinTlsVersion::Tls11 => write!(f, "TLS 1.1"),
MinTlsVersion::Tls12 => write!(f, "TLS 1.2"),
}
}
}
impl std::str::FromStr for MinTlsVersion {
type Err = String;
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.to_lowercase().as_ref() {
"tls" | "tls1" | "tls10" | "tls1.0" | "tls1_0" | "tlsv10" => Ok(MinTlsVersion::Tls10),
"tls11" | "tls1.1" | "tls1_1" | "tlsv11" => Ok(MinTlsVersion::Tls11),
"tls12" | "tls1.2" | "tls1_2" | "tlsv12" => Ok(MinTlsVersion::Tls12),
_ => Err(format!("Unsupported TLS protocol version: {s}")),
}
}
}
impl<'de> serde::Deserialize<'de> for MinTlsVersion {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: serde::de::Deserializer<'de>,
{
struct Visitor;
impl<'de> serde::de::Visitor<'de> for Visitor {
type Value = MinTlsVersion;
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(formatter, r#"one of "tls1.0", "tls1.1", "tls1.2""#)
}
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
where
E: serde::de::Error,
{
v.parse().map_err(|_err| {
serde::de::Error::invalid_value(serde::de::Unexpected::Str(v), &self)
})
}
}
deserializer.deserialize_str(Visitor)
}
}
impl serde::ser::Serialize for MinTlsVersion {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where
S: serde::ser::Serializer,
{
serializer.serialize_str(match self {
MinTlsVersion::Tls10 => "tls1.0",
MinTlsVersion::Tls11 => "tls1.1",
MinTlsVersion::Tls12 => "tls1.2",
})
}
}
#[cfg(test)]
mod tests {
use super::MinTlsVersion;
use std::str::FromStr;
use test_case::test_case;
#[test_case("tls", MinTlsVersion::Tls10; "when tls provided")]
#[test_case("tls1", MinTlsVersion::Tls10; "when tls1 with dot provided")]
#[test_case("tls10", MinTlsVersion::Tls10; "when tls10 provided")]
#[test_case("tls1.0", MinTlsVersion::Tls10; "when tls10 with dot provided")]
#[test_case("tls1_0", MinTlsVersion::Tls10; "when tls10 with underscore provided")]
#[test_case("Tlsv10" , MinTlsVersion::Tls10; "when Tlsv10 provided")]
#[test_case("TLS10", MinTlsVersion::Tls10; "when uppercase TLS10 Provided")]
#[test_case("tls11", MinTlsVersion::Tls11; "when tls11 provided")]
#[test_case("tls1.1", MinTlsVersion::Tls11; "when tls11 with dot provided")]
#[test_case("tls1_1", MinTlsVersion::Tls11; "when tls11 with underscore provided")]
#[test_case("Tlsv11" , MinTlsVersion::Tls11; "when Tlsv11 provided")]
#[test_case("TLS11", MinTlsVersion::Tls11; "when uppercase TLS11 Provided")]
#[test_case("tls12", MinTlsVersion::Tls12; "when tls12 provided")]
#[test_case("tls1.2", MinTlsVersion::Tls12; "when tls12 with dot provided")]
#[test_case("tls1_2", MinTlsVersion::Tls12; "when tls12 with underscore provided")]
#[test_case("Tlsv12" , MinTlsVersion::Tls12; "when Tlsv12 provided")]
#[test_case("TLS12", MinTlsVersion::Tls12; "when uppercase TLS12 Provided")]
fn parse_min_tls_version(value: &str, expected: MinTlsVersion) {
let actual = MinTlsVersion::from_str(value);
assert_eq!(actual, Ok(expected));
}
#[test_case(""; "when empty string provided")]
#[test_case("Sslv3"; "when unsupported version provided")]
#[test_case("TLS2"; "when non-existing version provided")]
fn parse_min_tls_version_err(value: &str) {
let actual = MinTlsVersion::from_str(value);
assert_eq!(
actual,
Err(format!("Unsupported TLS protocol version: {value}"))
);
}
}


@ -206,20 +206,6 @@ mod tests {
assert_eq!(watchdog_settings.max_retries(), 3);
}
#[test]
fn min_tls_version_default() {
let _env_lock = ENV_LOCK.lock().expect("env lock poisoned");
std::env::set_var("AZIOT_EDGED_CONFIG", GOOD_SETTINGS);
std::env::set_var("AZIOT_EDGED_CONFIG_DIR", CONFIG_DIR);
let settings = Settings::new().unwrap();
assert_eq!(
settings.listen().min_tls_version(),
crate::uri::MinTlsVersion::Tls10
);
}
#[test]
fn network_settings() {
let _env_lock = ENV_LOCK.lock().expect("env lock poisoned");


@ -483,7 +483,6 @@ fn execute_inner(
let old_config::Listen {
management_uri,
workload_uri,
min_tls_version,
} = listen;
let management_uri = map_listen_uri(management_uri).map_err(|management_uri| {
@ -494,13 +493,8 @@ fn execute_inner(
})?;
edgelet_settings::uri::Listen {
management_uri,
workload_uri,
min_tls_version: match min_tls_version {
old_config::Protocol::Tls10 => edgelet_settings::uri::MinTlsVersion::Tls10,
old_config::Protocol::Tls11 => edgelet_settings::uri::MinTlsVersion::Tls11,
old_config::Protocol::Tls12 => edgelet_settings::uri::MinTlsVersion::Tls12,
},
management_uri,
}
},
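Review bot: Dropping `min_tls_version` from the `old_config::Listen` destructuring means a value an operator set in the old config is no longer carried over, and nothing at this site says so. Whether a file that still contains the key is accepted with the key ignored, or rejected as an unknown field, depends on the serde attributes on `old_config::Listen`, which are not visible in this hunk. I would add a comment above the pattern, e.g. `// listen.min_tls_version from the old config is intentionally not imported; aziot-edged no longer has this setting`, and confirm that an old config containing the key still imports. `execute_inner` begins and ends outside the hunk.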


@ -46,52 +46,6 @@ pub(crate) struct Connect {
pub(crate) struct Listen {
pub(crate) management_uri: Url,
pub(crate) workload_uri: Url,
#[serde(default = "Protocol::default")]
pub(crate) min_tls_version: Protocol,
}
#[derive(Clone, Copy, Debug, Default)]
pub(crate) enum Protocol {
#[default]
Tls10,
Tls11,
Tls12,
}
impl<'de> serde::Deserialize<'de> for Protocol {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where
D: serde::Deserializer<'de>,
{
struct Visitor;
impl<'de> serde::de::Visitor<'de> for Visitor {
type Value = Protocol;
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(formatter, r#"one of "tls1.0", "tls1.1", "tls1.2""#)
}
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
where
E: serde::de::Error,
{
match &*v.to_lowercase() {
"tls" | "tls1" | "tls10" | "tls1.0" | "tls1_0" | "tlsv10" => {
Ok(Protocol::Tls10)
}
"tls11" | "tls1.1" | "tls1_1" | "tlsv11" => Ok(Protocol::Tls11),
"tls12" | "tls1.2" | "tls1_2" | "tlsv12" => Ok(Protocol::Tls12),
_ => Err(serde::de::Error::invalid_value(
serde::de::Unexpected::Str(v),
&self,
)),
}
}
}
deserializer.deserialize_str(Visitor)
}
}
#[derive(Debug, serde::Deserialize)]


@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -37,7 +37,6 @@ retry = "10%"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -48,7 +48,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -42,7 +42,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -53,7 +53,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -42,7 +42,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -37,7 +37,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -55,7 +55,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///my/own/iotedge.mgmt.sock"
[listen]
workload_uri = "unix:///my/own/iotedge.workload.sock"
management_uri = "unix:///my/own/iotedge.mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///my/own/iotedge.mgmt.sock"
[listen]
workload_uri = "unix:///my/own/iotedge.workload.sock"
management_uri = "unix:///my/own/iotedge.mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/lib/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///var/lib/iotedge/workload.sock"
management_uri = "unix:///var/lib/iotedge/mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/lib/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///var/lib/iotedge/workload.sock"
management_uri = "unix:///var/lib/iotedge/mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///var/run/iotedge/workload.sock"
management_uri = "unix:///var/run/iotedge/mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///var/run/iotedge/workload.sock"
management_uri = "unix:///var/run/iotedge/mgmt.sock"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///my/own/iotedge.workload.sock"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
[listen]
workload_uri = "unix:///my/own/iotedge.workload.sock"
management_uri = "fd://aziot-edged.mgmt.socket"
min_tls_version = "tls1.0"
[watchdog]
max_retries = "infinite"


@ -1,5 +0,0 @@
<Project>
<PropertyGroup>
<TargetFramework>netstandard2.1</TargetFramework>
</PropertyGroup>
</Project>


@ -24,19 +24,11 @@ namespace Microsoft.Azure.Devices.Client.Samples
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
#if NETSTANDARD2_0
if (!chain.Build(new X509Certificate2(certificate)))
{
Console.WriteLine("Unable to build the chain using the expected root certificate.");
return false;
}
#else
if (!chain.Build(new X509Certificate2(certificate.Export(X509ContentType.Cert))))
{
Console.WriteLine("Unable to build the chain using the expected root certificate.");
return false;
}
#endif
// Pin the trusted root of the chain to the expected root certificate
X509Certificate2 actualRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
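Review bot: With `X509VerificationFlags.AllowUnknownCertificateAuthority` set, a successful `chain.Build(...)` says nothing about which root the chain ends at, so the whole trust decision rests on the manual pinning that follows the `// Pin the trusted root` comment, and that comparison continues outside the hunk. Now that the `NETSTANDARD2_0` branch is gone and the commit moves these projects to .NET 6, the chain engine can enforce the root itself: set `chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;`, add the expected root to `chain.ChainPolicy.CustomTrustStore`, and drop the `AllowUnknownCertificateAuthority` flag. The same policy lines appear in the LeafDeviceTest hunk and in the Test.Common.Certs hunk further down.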


@ -46,7 +46,7 @@ print_help_and_exit()
process_args()
{
local save_next_arg=0
for arg in "$@";
for arg in "$@";
do
if [ $save_next_arg -eq 1 ]; then
CONFIGURATION="$arg"
@ -164,7 +164,7 @@ publish_app()
publish_lib()
{
local name="$1"
publish_project library "$name" netstandard2.0 $CONFIGURATION "$PUBLISH_FOLDER/$name"
publish_project library "$name" net6.0 $CONFIGURATION "$PUBLISH_FOLDER/$name"
}
publish_quickstart()
@ -211,14 +211,14 @@ build_solution()
{
echo "Building IoT Edge solution"
dotnet --version
build_command="$DOTNET_ROOT_PATH/dotnet build -c $CONFIGURATION -o \"$BUILD_BINARIESDIRECTORY\""
if [ -n "$DOTNET_RUNTIME" ]; then
build_command="$build_command -p:DotNet_Runtime=$DOTNET_RUNTIME"
fi
build_command="$build_command $ROOT_FOLDER/Microsoft.Azure.Devices.Edge.sln"
eval ${build_command}
if [ $? -gt 0 ]; then
RES=1
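Review bot: `eval ${build_command}` in `build_solution` re-parses a string assembled from `$CONFIGURATION`, `$DOTNET_RUNTIME`, `$ROOT_FOLDER` and `$DOTNET_ROOT_PATH`, so whitespace or shell metacharacters in any of them are interpreted as shell syntax instead of being passed to `dotnet` as data; `$CONFIGURATION` is taken from the command line in `process_args`. If the script runs under bash (the interpreter line is not visible here), an argument array removes the need for `eval`, as sketched below. `publish_lib` passes `$CONFIGURATION` unquoted as well and should use `"$CONFIGURATION"`. `build_solution` continues past the end of the hunk.

```shell
# … unchanged: echo and dotnet --version …
build_args=(build -c "$CONFIGURATION" -o "$BUILD_BINARIESDIRECTORY")
if [ -n "$DOTNET_RUNTIME" ]; then
    build_args+=("-p:DotNet_Runtime=$DOTNET_RUNTIME")
fi
build_args+=("$ROOT_FOLDER/Microsoft.Azure.Devices.Edge.sln")
"$DOTNET_ROOT_PATH/dotnet" "${build_args[@]}"
# … unchanged: exit-status check …
```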


@ -136,19 +136,11 @@ namespace LeafDeviceTest
Console.WriteLine($" IssuerName = {certificate.Issuer}");
Console.WriteLine($" SubjectName = {certificate.Subject}");
#if NETSTANDARD2_0
if (!chain.Build(new X509Certificate2(certificate)))
{
Console.WriteLine("Unable to build the chain using the expected root certificate.");
return false;
}
#else
if (!chain.Build(new X509Certificate2(certificate.Export(X509ContentType.Cert))))
{
Console.WriteLine("Unable to build the chain using the expected root certificate.");
return false;
}
#endif
// Pin the trusted root of the chain to the expected root certificate
X509Certificate2 actualRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;


@ -43,7 +43,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
CancellationToken token,
bool nestedEdge)
{
(string, string)[] hubEnvVar = new (string, string)[] { ("RuntimeLogLevel", "debug"), ("SslProtocols", "tls1.2") };
(string, string)[] hubEnvVar = new (string, string)[] { ("RuntimeLogLevel", "debug"), ("SslProtocols", "tls1.2,tls1.3") };
if (nestedEdge == true)
{
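Review bot: Setting `("SslProtocols", "tls1.2,tls1.3")` explicitly in `hubEnvVar` means the end-to-end deployment never runs edgeHub with the variable unset, although the commit description says TLS 1.2 plus 1.3 is now the default. If the explicit value is deliberate, a comment such as `// Explicit so the tests do not depend on the edgeHub default; keep in sync with it` would record why; otherwise dropping the entry lets the tests cover the default path. How edgeHub parses the comma-separated value is not visible in this hunk. The enclosing method starts before the hunk and continues after it.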


@ -41,11 +41,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
uint hash1;
uint hash2;
#if NETSTANDARD1_3
string upper = data.ToUpper();
#else
string upper = data.ToUpper(CultureInfo.InvariantCulture);
#endif
PerfectHash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(upper), seed1: 0, seed2: 0, hash1: out hash1, hash2: out hash2);
long hashedValue = ((long)hash1 << 32) | (long)hash2;
@ -57,11 +53,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
uint hash1;
uint hash2;
#if NETSTANDARD1_3
string upper = data.ToUpper();
#else
string upper = data.ToUpper(CultureInfo.InvariantCulture);
#endif
PerfectHash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(upper), seed1: 0, seed2: 0, hash1: out hash1, hash2: out hash2);
long hashedValue = hash1 ^ hash2;
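Review bot: `ASCIIEncoding.ASCII.GetBytes(upper)` encodes every non-ASCII character as `?`, so in both hunks of this file two inputs that differ only in such characters produce the same hash, and the assumption about `data` is not written down. If `data` is guaranteed to be ASCII, a comment such as `// data is ASCII-only; non-ASCII characters would all encode as '?'` would record that; otherwise the encoding needs a decision, keeping in mind that changing it changes the hash values. The rendering does not show which `ToUpper` line survived the removal of `#if NETSTANDARD1_3`; it should be the culture-invariant one, conventionally spelled `data.ToUpperInvariant()`. Both method bodies start and end outside the hunks.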


@ -73,11 +73,8 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common.Certs
// environment because we don't need revocation.
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
#if NETSTANDARD2_0
X509Certificate input = certificate;
#else
byte[] input = certificate.Export(X509ContentType.Cert);
#endif
if (!chain.Build(new X509Certificate2(input)))
{
Log.Verbose("Unable to build the chain using the expected root certificate.");