Avoid HttpClientHandler.ServerCertificateCustomValidationCallback kee…

…ping first request message alive (#37021)
dotnet · May 27, 2020 · ae1c5fe · ae1c5fe
1 parent 20a01d2
commit ae1c5fe
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ConnectHelper.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ConnectHelper.cs
@@ -136,7 +136,12 @@ public static ValueTask<SslStream> EstablishSslConnectionAsync(SslClientAuthenti
                 Func<HttpRequestMessage, X509Certificate2?, X509Chain?, SslPolicyErrors, bool> localFromHttpClientHandler = mapper.FromHttpClientHandler;
                 HttpRequestMessage localRequest = request;
                 sslOptions.RemoteCertificateValidationCallback = (object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors) =>
-                    localFromHttpClientHandler(localRequest, certificate as X509Certificate2, chain, sslPolicyErrors);
+                {
+                    Debug.Assert(localRequest != null);
+                    bool result = localFromHttpClientHandler(localRequest, certificate as X509Certificate2, chain, sslPolicyErrors);
+                    localRequest = null!; // ensure the SslOptions and this callback don't keep the first HttpRequestMessage alive indefinitely
+                    return result;
+                };
             }
 
             // Create the SslStream, authenticate, and return it.