rzikm
diff --git a/‎src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs‎
Lines changed: 19 additions & 9 deletions b/‎src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs‎
Lines changed: 19 additions & 9 deletions
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.IO;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using System.Net.Test.Common;
 using System.Security.Authentication;
@@ -115,11 +116,19 @@ public async Task SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTru
  }
  }
  }
+ public static IEnumerable<object[]> SslProtocolsAndBoolData()
+ {
+ foreach (object[] protocol in new SslProtocolSupport.SupportedSslProtocolsTestData())
+ {
+ yield return new object[] { protocol[0], true };
+ yield return new object[] { protocol[0], false };
+ }
+ }
 
  [ConditionalTheory(typeof(PlatformDetection), nameof(PlatformDetection.IsNotWindows7))]
- [ClassData(typeof(SslProtocolSupport.SupportedSslProtocolsTestData))]
+ [MemberData(nameof(SslProtocolsAndBoolData))]
  public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(
- SslProtocols protocol)
+ SslProtocols protocol, bool startWithMtls)
  {
  var clientOptions = new SslClientAuthenticationOptions
  {
@@ -129,18 +138,20 @@ public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(
  TargetHost = Guid.NewGuid().ToString("N")
  };
 
+ SslStreamCertificateContext context = SslStreamCertificateContext.Create(_serverCertificate, null);
+
  for (int i = 0; i < 5; i++)
  {
  (SslStream client, SslStream server) = TestHelper.GetConnectedSslStreams();
  using (client)
  using (server)
  {
- bool expectMutualAuthentication = (i % 2) == 0;
+ bool expectMutualAuthentication = (i % 2) == (startWithMtls ? 0 : 1);
 
  var serverOptions = new SslServerAuthenticationOptions
  {
  ClientCertificateRequired = expectMutualAuthentication,
- ServerCertificate = expectMutualAuthentication ? _serverCertificate : _selfSignedCertificate,
+ ServerCertificateContext = context,
  RemoteCertificateValidationCallback = delegate { return true; },
  EnabledSslProtocols = protocol
  };
@@ -193,7 +204,6 @@ public async Task SslStream_NegotiateClientCertificate_IsMutuallyAuthenticatedCo
  ServerCertificateContext = context,
  ClientCertificateRequired = false,
  EnabledSslProtocols = SslProtocols.Tls12,
-
  });
 
  await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2);
@@ -266,7 +276,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
  }
  else
  {
- Assert.Null(server.RemoteCertificate);
+  Assert.Null(server.RemoteCertificate);
  }
  };
  }
@@ -320,7 +330,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
  }
  else
  {
- Assert.Null(server.RemoteCertificate);
+  Assert.Null(server.RemoteCertificate);
  }
  };
  }
@@ -357,7 +367,7 @@ public async Task SslStream_ResumedSessionsCallbackMaybeSet_IsMutuallyAuthentica
 
  if (expectMutualAuthentication)
  {
- clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;
+  clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;
  }
  else
  {
@@ -378,7 +388,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
  }
  else
  {
- Assert.Null(server.RemoteCertificate);
+  Assert.Null(server.RemoteCertificate);
  }
  };
  }
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`// The .NET Foundation licenses this file to you under the MIT license.`
`3`	`3`
`4`	`4`	`using System.IO;`
	`5`	`+using System.Collections.Generic;`
`5`	`6`	`using System.Threading.Tasks;`
`6`	`7`	`using System.Net.Test.Common;`
`7`	`8`	`using System.Security.Authentication;`
`@@ -115,11 +116,19 @@ public async Task SslStream_RequireClientCert_IsMutuallyAuthenticated_ReturnsTru`
`115`	`116`	`}`
`116`	`117`	`}`
`117`	`118`	`}`
	`119`	`+ public static IEnumerable<object[]> SslProtocolsAndBoolData()`
	`120`	`+ {`
	`121`	`+ foreach (object[] protocol in new SslProtocolSupport.SupportedSslProtocolsTestData())`
	`122`	`+ {`
	`123`	`+ yield return new object[] { protocol[0], true };`
	`124`	`+ yield return new object[] { protocol[0], false };`
	`125`	`+ }`
	`126`	`+ }`
`118`	`127`
`119`	`128`	`[ConditionalTheory(typeof(PlatformDetection), nameof(PlatformDetection.IsNotWindows7))]`
`120`		`- [ClassData(typeof(SslProtocolSupport.SupportedSslProtocolsTestData))]`
	`129`	`+ [MemberData(nameof(SslProtocolsAndBoolData))]`
`121`	`130`	`public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(`
`122`		`- SslProtocols protocol)`
	`131`	`+ SslProtocols protocol, bool startWithMtls)`
`123`	`132`	`{`
`124`	`133`	`var clientOptions = new SslClientAuthenticationOptions`
`125`	`134`	`{`
`@@ -129,18 +138,20 @@ public async Task SslStream_CachedCredentials_IsMutuallyAuthenticatedCorrect(`
`129`	`138`	`TargetHost = Guid.NewGuid().ToString("N")`
`130`	`139`	`};`
`131`	`140`
	`141`	`+ SslStreamCertificateContext context = SslStreamCertificateContext.Create(_serverCertificate, null);`
	`142`	`+`
`132`	`143`	`for (int i = 0; i < 5; i++)`
`133`	`144`	`{`
`134`	`145`	`(SslStream client, SslStream server) = TestHelper.GetConnectedSslStreams();`
`135`	`146`	`using (client)`
`136`	`147`	`using (server)`
`137`	`148`	`{`
`138`		`- bool expectMutualAuthentication = (i % 2) == 0;`
	`149`	`+ bool expectMutualAuthentication = (i % 2) == (startWithMtls ? 0 : 1);`
`139`	`150`
`140`	`151`	`var serverOptions = new SslServerAuthenticationOptions`
`141`	`152`	`{`
`142`	`153`	`ClientCertificateRequired = expectMutualAuthentication,`
`143`		`- ServerCertificate = expectMutualAuthentication ? _serverCertificate : _selfSignedCertificate,`
	`154`	`+ ServerCertificateContext = context,`
`144`	`155`	`RemoteCertificateValidationCallback = delegate { return true; },`
`145`	`156`	`EnabledSslProtocols = protocol`
`146`	`157`	`};`
`@@ -193,7 +204,6 @@ public async Task SslStream_NegotiateClientCertificate_IsMutuallyAuthenticatedCo`
`193`	`204`	`ServerCertificateContext = context,`
`194`	`205`	`ClientCertificateRequired = false,`
`195`	`206`	`EnabledSslProtocols = SslProtocols.Tls12,`
`196`		`-`
`197`	`207`	`});`
`198`	`208`
`199`	`209`	`await TestConfiguration.WhenAllOrAnyFailedWithTimeout(t1, t2);`
`@@ -266,7 +276,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(`
`266`	`276`	`}`
`267`	`277`	`else`
`268`	`278`	`{`
`269`		`- Assert.Null(server.RemoteCertificate);`
	`279`	`+ Assert.Null(server.RemoteCertificate);`
`270`	`280`	`}`
`271`	`281`	`};`
`272`	`282`	`}`
`@@ -320,7 +330,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(`
`320`	`330`	`}`
`321`	`331`	`else`
`322`	`332`	`{`
`323`		`- Assert.Null(server.RemoteCertificate);`
	`333`	`+ Assert.Null(server.RemoteCertificate);`
`324`	`334`	`}`
`325`	`335`	`};`
`326`	`336`	`}`
`@@ -357,7 +367,7 @@ public async Task SslStream_ResumedSessionsCallbackMaybeSet_IsMutuallyAuthentica`
`357`	`367`
`358`	`368`	`if (expectMutualAuthentication)`
`359`	`369`	`{`
`360`		`- clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;`
	`370`	`+ clientOptions.LocalCertificateSelectionCallback = (s, t, l, r, a) => _clientCertificate;`
`361`	`371`	`}`
`362`	`372`	`else`
`363`	`373`	`{`
`@@ -378,7 +388,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(`
`378`	`388`	`}`
`379`	`389`	`else`
`380`	`390`	`{`
`381`		`- Assert.Null(server.RemoteCertificate);`
	`391`	`+ Assert.Null(server.RemoteCertificate);`
`382`	`392`	`}`
`383`	`393`	`};`
`384`	`394`	`}`