KEMBAR78
Support overriding MsQuic.dll in the application directory on Windows. by rzikm · Pull Request #103351 · dotnet/runtime · GitHub
Skip to content

Conversation

@rzikm
Copy link
Member

@rzikm rzikm commented Jun 12, 2024

Closes #101200.

This PR allows (via some explicit user action) to use OpenSSL version of MsQuic to enable use of System.Net.Quic on Windows 10 and other OSes where the Schannel build of MsQuic is not supported.

To use OpenSSL build of MsQuic, you can use e.g. the following snippet in csproj.

  <ItemGroup>
    <PackageReference Include="Microsoft.Native.Quic.MsQuic.OpenSSL"
                      Version="2.3.5"
                      PrivateAssets="all"
                      GeneratePathProperty="true" />

    <RuntimeHostConfigurationOption Include="System.Net.Quic.AppLocalMsQuic" Value="true" />
  </ItemGroup>

  <Target Name="CopyCustomContent" AfterTargets="AfterBuild">
    <Copy SourceFiles="$(PkgMicrosoft_Native_Quic_MsQuic_OpenSSL)\build\native\bin\x64\msquic.dll" DestinationFolder="$(OutDir)" />
  </Target>
  <Target Name="CopyCustomContentOnPublish" AfterTargets="Publish">
    <Copy SourceFiles="$(PkgMicrosoft_Native_Quic_MsQuic_OpenSSL)\build\native\bin\x64\msquic.dll" DestinationFolder="$(PublishDir)" />
  </Target>

@ghost ghost added the area-System.Net.Quic label Jun 12, 2024
@jkotas
Copy link
Member

jkotas commented Jun 12, 2024

Explicit probing for native .dll in application directory that is not there is going to introduce DLL planting vulnerability. You can read about it in https://msrc.microsoft.com/blog/2018/04/triaging-a-dll-planting-vulnerability/ . This particular case is "Malicious binary planted in an untrusted application directory.".

You may want to mirror what we have done to enable loading app-local copies of lib ICU so that you do not have to deal with reports of dll planting vulnerabilities. App local lib ICU requires explicit opt-in via System.Globalization.AppLocalIcu switch.

EDIT: I see @elinor-fung made the same comment as well.

@ManickaP
Copy link
Member

App local lib ICU requires explicit opt-in via System.Globalization.AppLocalIcu switch.

👍

@rzikm
Copy link
Member Author

rzikm commented Jun 14, 2024

Added opt-in via appctx switch + envvar (appctx switch takes precedence)

private static bool AllowAppLocalMsQuic() => AppContextSwitchHelper.GetBooleanConfig("System.Net.Quic.AppLocalMsQuic", "DOTNET_SYSTEM_NET_QUIC_APPLOCALMSQUIC");

@rzikm rzikm requested review from elinor-fung and jkotas June 14, 2024 08:52
Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.
Do you think it'd be possible to add a test for this? To prevent us from accidentally breaking it in the future.

@wfurt
Copy link
Member

wfurt commented Jun 14, 2024

Do you think it'd be possible to add a test for this? To prevent us from accidentally breaking it in the future.

It would be great to hook it up to our tests and run standard test suite on older windows.

@rzikm
Copy link
Member Author

rzikm commented Jun 17, 2024

looks like Microsoft.Native.Quic.MsQuic.OpenSSL needs to be added to dotnet-public mirror first, https://dev.azure.com/dnceng/internal/_build/results?buildId=2475371&view=results

@rzikm
Copy link
Member Author

rzikm commented Jun 17, 2024

/azp run runtime

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@rzikm
Copy link
Member Author

rzikm commented Jun 18, 2024

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@rzikm
Copy link
Member Author

rzikm commented Jun 19, 2024

There don't seem to be any Windows 10 runs in the runtime runtime-extra-platforms and runtime-libraries-coreclr outerloop pipelines, from a quick look at the yml definitions, there should be, unless I misunderstand something.

@rzikm
Copy link
Member Author

rzikm commented Jun 19, 2024

/azp run runtime-coreclr libraries-jitstress

@dotnet-policy-service
Copy link
Contributor

Draft Pull Request was automatically closed for 30 days of inactivity. Please let us know if you'd like to reopen it.

@github-actions github-actions bot locked and limited conversation to collaborators Oct 27, 2024
@rzikm rzikm reopened this Mar 31, 2025
@rzikm rzikm force-pushed the 101200-Support-Windows-10-for-SystemNetQuic branch from e2ebc71 to 8113199 Compare March 31, 2025 09:16
@rzikm rzikm marked this pull request as ready for review March 31, 2025 11:00
@rzikm
Copy link
Member Author

rzikm commented Mar 31, 2025

/azp run runtime-extra-platforms

@rzikm
Copy link
Member Author

rzikm commented Mar 31, 2025

https://helixr1107v0xdcypoyl9e7f.blob.core.windows.net/dotnet-runtime-refs-pull-103351-merge-1de63c2e075e4af0ad/System.Net.Quic.Functional.Tests/1/console.760e2ed9.log?helixlogtype=result

----- start Mon 03/31/2025 10:47:42.75 ===============  To repro directly: =====================================================
pushd C:\helix\work\workitem\e\
"C:\helix\work\correlation\dotnet.exe" exec --runtimeconfig System.Net.Quic.Functional.Tests.runtimeconfig.json --depsfile System.Net.Quic.Functional.Tests.deps.json xunit.console.dll System.Net.Quic.Functional.Tests.dll -xml testResults.xml -nologo -nocolor -notrait category=IgnoreForCI -notrait category=OuterLoop -notrait category=failing 
popd
===========================================================================================================

C:\helix\work\workitem\e>"C:\helix\work\correlation\dotnet.exe" exec --runtimeconfig System.Net.Quic.Functional.Tests.runtimeconfig.json --depsfile System.Net.Quic.Functional.Tests.deps.json xunit.console.dll System.Net.Quic.Functional.Tests.dll -xml testResults.xml -nologo -nocolor -notrait category=IgnoreForCI -notrait category=OuterLoop -notrait category=failing  
  Discovering: System.Net.Quic.Functional.Tests (method display = ClassAndMethod, method display options = None)
  Discovered:  System.Net.Quic.Functional.Tests (found 140 of 153 test cases)
  Starting:    System.Net.Quic.Functional.Tests (parallel test collections = on [2 threads], stop on fail = off)
MsQuic supported and using 'msquic.dll 2.4.8.569855 (5ddc9bff4e82e910872fd239340e7970e3c768f8)' (OpenSSL).
    System.Net.Quic.Tests.MsQuicPlatformDetectionTests.SupportedWindowsPlatforms_IsSupportedIsTrue [SKIP]
      Condition(s) not met: "SupportsTls13"
    System.Net.Quic.Tests.MsQuicPlatformDetectionTests.UnsupportedPlatforms_ThrowsPlatformNotSupportedException [SKIP]
      Condition(s) not met: "IsQuicUnsupported"
    System.Net.Quic.Tests.MsQuicTests.Server_CertificateWithEphemeralKey_Throws [SKIP]
      Condition(s) not met: "IsUsingSchannelBackend"
    System.Net.Quic.Tests.MsQuicTests.Client_CertificateWithEphemeralKey_Throws [SKIP]
      Condition(s) not met: "IsUsingSchannelBackend"
MsQuic Counters:
    CONN_CREATED 1602
    CONN_HANDSHAKE_FAIL 23
    CONN_APP_REJECT 8
    CONN_LOAD_REJECT 0

Unobserved exceptions of 0 different types: 

  Finished:    System.Net.Quic.Functional.Tests
=== TEST EXECUTION SUMMARY ===
   System.Net.Quic.Functional.Tests  Total: 429, Errors: 0, Failed: 0, Skipped: 4, Time: 87.917s
----- end Mon 03/31/2025 10:49:12.28 ----- exit code 0 ----------------------------------------------------------

Seems to work fine

{
return true;
}
if (str == "1" || string.Equals(str, bool.FalseString, StringComparison.OrdinalIgnoreCase))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be 0? we already test "1" above.

Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LFTM in general

Copy link
Member

@ManickaP ManickaP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just few nits. Thanks for this!

@rzikm rzikm merged commit 4b16dce into dotnet:main Apr 1, 2025
82 of 87 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support Windows 10 for System.Net.Quic

5 participants