Code that is required to reproduce the issue dotnet/runtime#47580
- .NET Core SDK 3.1
- .NET SDK 5.0, 5.0.1, or 5.0.2
- Go 1.13+
Debian Buster or Ubuntu 20.04. The problem is not reproducible on Windows
Example certificate is issued by Let's Encrypt for one time free domain. It will expire, so in order to reproduce the bug after certificate expiration one need to change system clock to January 28 2021.
- Install the required tools
- Compile and run the server
cd Server
go run server.go
- Open the other terminal tab and run the client
cd Client/CertificateAuthBug
dotnet run --project CertificateAuthBug.csproj
- You should see that first two requests are successful, then the following two requests are throwing exception, and the last one if successful
- Run the same client with any additional console argument to clear SSL cache before third attempt:
dotnet run --project CertificateAuthBug.csproj any_argument
- All five requests will run just fine.
- Edit file CertificateAuthBug.csproj and change line:
<TargetFramework>net5.0</TargetFramework>
with:
<TargetFramework>netcoreapp3.1</TargetFramework>
- Run the client again without additional arguments
- All five requests will run just fine.
- Uncomment the following line in server.go:
//ClientCAs: caCertPool,
- Run the server and then the client (when targeting .NET 5 without additional arguments).
- All five requests will run just fine.