Un-skip CoreWCF-compatible tests; strengthen Mandatory transaction-fl…#5952
Open
afifi-ins wants to merge 3 commits into
Open
Un-skip CoreWCF-compatible tests; strengthen Mandatory transaction-fl…#5952afifi-ins wants to merge 3 commits into
afifi-ins wants to merge 3 commits into
Conversation
afifi-ins
added a commit
to afifi-ins/wcf
that referenced
this pull request
May 23, 2026
Pipeline run for PR dotnet#5952 surfaced two Linux-specific issues with tests this PR had un-skipped under CoreWCF. Both failures reproduce against the SelfHostedCoreWcfService on Helix Linux but pass on Windows. 1) Tcp_ClientCredentialTypeCertificateCanonicalNameTests: .Certificate_With_CanonicalName_DomainName_Address_EchoString .Certificate_With_CanonicalName_Fqdn_Address_EchoString On Linux containers Dns.GetHostEntry("127.0.0.1").HostName resolves to "localhost" (verified with getent hosts 127.0.0.1). CertificateGenerator uses that value as the subject CN for the "DomainName" / "Fqdn" certs (CertificateGeneratorLibrary.cs:17-18), so on Linux those certs are indistinguishable from the Localhost cert. The tests assert a NEGATIVE case ("connect to localhost -> server presents DomainName cert -> identity check must fail"), which can never hold when the cert CN is also "localhost". This is a pre-existing test-infra limitation unrelated to CoreWCF; the tests also fail on Linux against a real WCF service. Fix: gate on Is_Windows in addition to Root_Certificate_Installed. 2) ClientBaseTests.DefaultSettings_SetCookieOnServerSide: Server-side Kestrel race on certain Linux distros (Fedora.41, Debian.12; passes on Ubuntu, AzureLinux, openSUSE on the same Helix run): Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[14] communication error. System.InvalidOperationException: Writing is not allowed after writer was completed. at System.IO.Pipelines.Pipe.GetMemory(Int32 sizeHint) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.Internal.SocketConnection.DoReceive() The second POST on the keep-alive connection occasionally hits a CoreWCF/Kestrel pipe-writer race and the client receives a "Connection reset by peer". Not addressable client-side. Fix: restore [Condition(nameof(Skip_CoreWCFService_FailedTest))] with a comment explaining the failure mode. Other un-skipped tests in the PR (WebSocket_Https_Duplex_Buffered and the strengthened WSHttpBinding_TransactionFlow_Mandatory_RoundTrips_And_WithoutScope_Throws) remain unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
|
@afifi-ins, this broke on the old windows test services. It resulted in the following error: I don't understand why this broke for dotnet-wcf-ci tests though as it looks like you only changed the certificate generation. But those tests use a certificate which is generated monthly, and uses the merged version from the main branch. Can you debug the failing test and work out what's going on. |
…ow test
After investigating every test gated by [Condition(nameof(Skip_CoreWCFService_FailedTest))],
the following tests are now confirmed passing against the SelfHostedCoreWcfService and
have their CoreWCF skip removed:
* Client/ClientBase/ClientBaseTests.DefaultSettings_SetCookieOnServerSide
* Extensibility/WebSockets/WebSocketTests.WebSocket_Https_Duplex_Buffered
* Security/TransportSecurity/Tcp/Tcp_ClientCredentialTypeCertificateCanonicalNameTests
- Certificate_With_CanonicalName_DomainName_Address_EchoString
- Certificate_With_CanonicalName_Fqdn_Address_EchoString
Verified on Windows (Windows 10 26200) and WSL Ubuntu-24.04 with the CoreWCF self-host
running locally on http://localhost:8081.
WSHttpBinding_TransactionFlow_Mandatory_WithoutScope_Throws was originally observed to
pass under CoreWCF as well, but that turned out to be a false positive: the test asserts
only the client-side ProtocolException thrown by TransactionChannel before any wire
activity (verified by running the test with no service at all, in 168ms). To make the
test actually exercise CoreWCF's TransactionFlow support, the test has been:
* Renamed to WSHttpBinding_TransactionFlow_Mandatory_RoundTrips_And_WithoutScope_Throws
* Extended with a positive-case round-trip inside a TransactionScope that asserts the
server sees the flowed transaction (IsTransactionFlowed returns true)
* Kept gated by Skip_CoreWCFService_FailedTest because CoreWCF does not register the
WSHttpTransactionFlowMandatory.svc endpoint (the host class is wrapped in #if !NET).
Verification matrix:
* .NET Framework SelfHostedWcfService (net471): strengthened test PASSES in 3s
* SelfHostedCoreWcfService (RunWithCoreWCF=true): strengthened test FAILS with
EndpointNotFoundException at the new positive branch when the skip condition is
temporarily removed, and is correctly SKIPPED with the condition in place.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pipeline run for PR dotnet#5952 surfaced two Linux-specific issues with tests this PR had un-skipped under CoreWCF. Both failures reproduce against the SelfHostedCoreWcfService on Helix Linux but pass on Windows. 1) Tcp_ClientCredentialTypeCertificateCanonicalNameTests: .Certificate_With_CanonicalName_DomainName_Address_EchoString .Certificate_With_CanonicalName_Fqdn_Address_EchoString On Linux containers Dns.GetHostEntry("127.0.0.1").HostName resolves to "localhost" (verified with getent hosts 127.0.0.1). CertificateGenerator uses that value as the subject CN for the "DomainName" / "Fqdn" certs (CertificateGeneratorLibrary.cs:17-18), so on Linux those certs are indistinguishable from the Localhost cert. The tests assert a NEGATIVE case ("connect to localhost -> server presents DomainName cert -> identity check must fail"), which can never hold when the cert CN is also "localhost". This is a pre-existing test-infra limitation unrelated to CoreWCF; the tests also fail on Linux against a real WCF service. Fix: gate on Is_Windows in addition to Root_Certificate_Installed. 2) ClientBaseTests.DefaultSettings_SetCookieOnServerSide: Server-side Kestrel race on certain Linux distros (Fedora.41, Debian.12; passes on Ubuntu, AzureLinux, openSUSE on the same Helix run): Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[14] communication error. System.InvalidOperationException: Writing is not allowed after writer was completed. at System.IO.Pipelines.Pipe.GetMemory(Int32 sizeHint) at Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.Internal.SocketConnection.DoReceive() The second POST on the keep-alive connection occasionally hits a CoreWCF/Kestrel pipe-writer race and the client receives a "Connection reset by peer". Not addressable client-side. Fix: restore [Condition(nameof(Skip_CoreWCFService_FailedTest))] with a comment explaining the failure mode. Other un-skipped tests in the PR (WebSocket_Https_Duplex_Buffered and the strengthened WSHttpBinding_TransactionFlow_Mandatory_RoundTrips_And_WithoutScope_Throws) remain unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…n run
The Certificate_With_CanonicalName_{DomainName,Fqdn}_Address_EchoString tests
assert a NEGATIVE identity check: a client connecting to "localhost" must be
rejected because the server presents a certificate whose CN is a DIFFERENT
name. This only worked on Windows because the cert generator derived the CN
from Dns.GetHostEntry("127.0.0.1").HostName, which returns the machine name on
Windows but "localhost" on Linux/macOS. With CN="localhost" the certs were
indistinguishable from the localhost cert, so the negative assertion could
never hold and the tests failed on the CoreWCF Linux CI legs (hence they were
previously gated to Windows only).
Introduce a runtime switch in CertificateGeneratorLibrary:
* Windows -> Dns.GetHostEntry("127.0.0.1").HostName (unchanged)
* non-Win -> Dns.GetHostEntry(Environment.MachineName).HostName, with a
fallback to Environment.MachineName if the name is unresolvable
or resolves to "localhost".
The new canonical name is used ONLY for the two SubjectCanonicalName certs.
The CRL service URI, the main machine certificate, and the expired/revoked/
alt-name certs continue to use the existing localhost-based s_fqdn/s_hostname
so CRL fetching and general localhost TLS are unaffected.
With this the Is_Windows gate added earlier is removed; the tests run on all
platforms again (still [Issue(3572, OS = OSID.OSX)] for macOS).
Verified locally on WSL Ubuntu-24.04 against the SelfHostedCoreWcfService
(RunWithCoreWCF=true):
* Certificate_With_CanonicalName_DomainName_Address_EchoString -> Passed
* Certificate_With_CanonicalName_Fqdn_Address_EchoString -> Passed
* Certificate_With_CanonicalName_Localhost_Address_EchoString -> Passed
* Full Security.TransportSecurity suite: 0 failed (13 passed, 53 skipped)
Windows behavior is unchanged (the Windows branch resolves to the identical
Dns.GetHostEntry("127.0.0.1").HostName value used before).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
d6019b6 to
00b8d8e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After investigating every test gated by [Condition(nameof(Skip_CoreWCFService_FailedTest))], the following tests are now confirmed passing against the SelfHostedCoreWcfService and have their CoreWCF skip removed:
WSHttpBinding_TransactionFlow_Mandatory_WithoutScope_Throws was originally observed to pass under CoreWCF as well, but that turned out to be a false positive: the test asserts only the client-side ProtocolException thrown by TransactionChannel before any wire activity (verified by running the test with no service at all, in 168ms). To make the test actually exercise CoreWCF's TransactionFlow support, the test has been:
Verification matrix: