Allow NO_SSL_VERIFY in RawHttpMessageHandler. (actions#3883)

TingluoHuang · sirredbeard · commit 9f3ecfbcee63 · 2025-06-11T11:37:05.000-04:00
diff --git a/src/Runner.Sdk/Util/VssUtil.cs b/src/Runner.Sdk/Util/VssUtil.cs
@@ -38,6 +38,7 @@ public static void InitializeVssClientSettings(List<ProductInfoHeaderValue> addi
             if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))
             {
                 VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
+                RawClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
             }
 
             var rawHeaderValues = new List<ProductInfoHeaderValue>();
diff --git a/src/Sdk/Common/Common/RawHttpMessageHandler.cs b/src/Sdk/Common/Common/RawHttpMessageHandler.cs
@@ -106,6 +106,18 @@ protected override async Task<HttpResponseMessage> SendAsync(
         {
             VssTraceActivity traceActivity = VssTraceActivity.Current;
 
+            if (!m_appliedServerCertificateValidationCallbackToTransportHandler &&
+                            request.RequestUri.Scheme == "https")
+            {
+                HttpClientHandler httpClientHandler = m_transportHandler as HttpClientHandler;
+                if (httpClientHandler != null &&
+                    this.Settings.ServerCertificateValidationCallback != null)
+                {
+                    httpClientHandler.ServerCertificateCustomValidationCallback = this.Settings.ServerCertificateValidationCallback;
+                }
+                m_appliedServerCertificateValidationCallbackToTransportHandler = true;
+            }
+
             lock (m_thisLock)
             {
                 // Ensure that we attempt to use the most appropriate authentication mechanism by default.
@@ -291,6 +303,7 @@ private static void ApplySettings(
             }
         }
 
+        private bool m_appliedServerCertificateValidationCallbackToTransportHandler;
         private readonly HttpMessageHandler m_transportHandler;
         private HttpMessageInvoker m_messageInvoker;
         private CredentialWrapper m_credentialWrapper;

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ public static void InitializeVssClientSettings(List<ProductInfoHeaderValue> addi`
`38`	`38`	`if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY")))`
`39`	`39`	`{`
`40`	`40`	`VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;`
	`41`	`+ RawClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`var rawHeaderValues = new List<ProductInfoHeaderValue>();`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,18 @@ protected override async Task<HttpResponseMessage> SendAsync(`
`106`	`106`	`{`
`107`	`107`	`VssTraceActivity traceActivity = VssTraceActivity.Current;`
`108`	`108`
	`109`	`+ if (!m_appliedServerCertificateValidationCallbackToTransportHandler &&`
	`110`	`+ request.RequestUri.Scheme == "https")`
	`111`	`+ {`
	`112`	`+ HttpClientHandler httpClientHandler = m_transportHandler as HttpClientHandler;`
	`113`	`+ if (httpClientHandler != null &&`
	`114`	`+ this.Settings.ServerCertificateValidationCallback != null)`
	`115`	`+ {`
	`116`	`+ httpClientHandler.ServerCertificateCustomValidationCallback = this.Settings.ServerCertificateValidationCallback;`
	`117`	`+ }`
	`118`	`+ m_appliedServerCertificateValidationCallbackToTransportHandler = true;`
	`119`	`+ }`
	`120`	`+`
`109`	`121`	`lock (m_thisLock)`
`110`	`122`	`{`
`111`	`123`	`// Ensure that we attempt to use the most appropriate authentication mechanism by default.`
`@@ -291,6 +303,7 @@ private static void ApplySettings(`
`291`	`303`	`}`
`292`	`304`	`}`
`293`	`305`
	`306`	`+ private bool m_appliedServerCertificateValidationCallbackToTransportHandler;`
`294`	`307`	`private readonly HttpMessageHandler m_transportHandler;`
`295`	`308`	`private HttpMessageInvoker m_messageInvoker;`
`296`	`309`	`private CredentialWrapper m_credentialWrapper;`