This is an automated email from the ASF dual-hosted git repository.
blankensteiner pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-dotpulsar.git
The following commit(s) were added to refs/heads/master by this push:
new d16825b When building a Pulsar client you can now specify whether the
certificate revocation list is checked during authentication. Make ready for
release 2.9.0
d16825b is described below
commit d16825bbcf2e743fae1c6102348be607ce1df145
Author: Daniel Blankensteiner <[email protected]>
AuthorDate: Thu Jan 26 09:53:16 2023 +0100
When building a Pulsar client you can now specify whether the certificate
revocation list is checked during authentication.
Make ready for release 2.9.0
---
CHANGELOG.md | 6 ++++++
src/DotPulsar/Abstractions/IPulsarClientBuilder.cs | 7 ++++++-
src/DotPulsar/DotPulsar.csproj | 2 +-
src/DotPulsar/Internal/Connector.cs | 9 ++++++---
src/DotPulsar/Internal/PulsarClientBuilder.cs | 12 ++++++++++--
5 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb4e77a..359159f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this
file.
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to
[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.9.0] - 2023-01-26
+
+### Added
+
+- When building a Pulsar client you can now specify whether the certificate
revocation list is checked during authentication. The default is 'true'
+
## [2.8.0] - 2023-01-20
### Added
diff --git a/src/DotPulsar/Abstractions/IPulsarClientBuilder.cs
b/src/DotPulsar/Abstractions/IPulsarClientBuilder.cs
index 9cf41e0..c9aad89 100644
--- a/src/DotPulsar/Abstractions/IPulsarClientBuilder.cs
+++ b/src/DotPulsar/Abstractions/IPulsarClientBuilder.cs
@@ -1,4 +1,4 @@
-/*
+/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -38,6 +38,11 @@ public interface IPulsarClientBuilder
/// </summary>
IPulsarClientBuilder Authentication(IAuthentication authentication);
+ /// <summary>
+ /// Specifies whether the certificate revocation list is checked during
authentication. The default is 'true'.
+ /// </summary>
+ IPulsarClientBuilder CheckCertificateRevocation(bool
checkCertificateRevocation);
+
/// <summary>
/// Set connection encryption policy. The default is 'EnforceUnencrypted'
if the ServiceUrl scheme is 'pulsar' and 'EnforceEncrypted' if it's
'pulsar+ssl'.
/// </summary>
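Review bot: The summary on `CheckCertificateRevocation` says the list is checked "during authentication", which reads as if it concerned the `Authentication(IAuthentication)` method declared just above. The flag is handed to the TLS handshake, so it governs revocation checking of the server certificate. I would word it as `/// Specifies whether revocation of the server certificate is checked during the TLS handshake. The default is 'true'.` and add a `<remarks>` line saying that with 'false' a revoked certificate is still accepted, and that the setting presumably has no effect on unencrypted connections. The interface body continues outside the hunk.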
diff --git a/src/DotPulsar/DotPulsar.csproj b/src/DotPulsar/DotPulsar.csproj
index af3a1c8..af8a38a 100644
--- a/src/DotPulsar/DotPulsar.csproj
+++ b/src/DotPulsar/DotPulsar.csproj
@@ -2,7 +2,7 @@
<PropertyGroup>
<TargetFrameworks>netstandard2.0;netstandard2.1;net6.0;net7.0</TargetFrameworks>
- <Version>2.8.0</Version>
+ <Version>2.9.0</Version>
<AssemblyVersion>$(Version)</AssemblyVersion>
<FileVersion>$(Version)</FileVersion>
<Authors>ApachePulsar,DanskeCommodities,dblank</Authors>
diff --git a/src/DotPulsar/Internal/Connector.cs
b/src/DotPulsar/Internal/Connector.cs
index 4130fb6..6af6bfb 100644
--- a/src/DotPulsar/Internal/Connector.cs
+++ b/src/DotPulsar/Internal/Connector.cs
@@ -1,4 +1,4 @@
-/*
+/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -29,17 +29,20 @@ public sealed class Connector
private readonly X509Certificate2? _trustedCertificateAuthority;
private readonly bool _verifyCertificateAuthority;
private readonly bool _verifyCertificateName;
+ private readonly bool _checkCertificateRevocation;
public Connector(
X509Certificate2Collection clientCertificates,
X509Certificate2? trustedCertificateAuthority,
bool verifyCertificateAuthority,
- bool verifyCertificateName)
+ bool verifyCertificateName,
+ bool checkCertificateRevocation)
{
_clientCertificates = clientCertificates;
_trustedCertificateAuthority = trustedCertificateAuthority;
_verifyCertificateAuthority = verifyCertificateAuthority;
_verifyCertificateName = verifyCertificateName;
+ _checkCertificateRevocation = checkCertificateRevocation;
}
public async Task<Stream> Connect(Uri serviceUrl)
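Review bot: The constructor now takes three consecutive `bool` parameters (`verifyCertificateAuthority`, `verifyCertificateName`, `checkCertificateRevocation`), so a positional call compiles just as well with two of them swapped, silently turning a TLS check on or off. The call in PulsarClientBuilder.cs passes them positionally; named arguments there would make the mapping explicit, e.g. `verifyCertificateName: _verifyCertificateName, checkCertificateRevocation: _checkCertificateRevocation`. A short XML doc comment on the constructor stating what each flag controls would help as well. The class body continues outside the hunk.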
@@ -89,7 +92,7 @@ public sealed class Connector
try
{
sslStream = new SslStream(stream, false,
ValidateServerCertificate, null);
- await sslStream.AuthenticateAsClientAsync(host,
_clientCertificates, SslProtocols.None, true).ConfigureAwait(false);
+ await sslStream.AuthenticateAsClientAsync(host,
_clientCertificates, SslProtocols.None,
_checkCertificateRevocation).ConfigureAwait(false);
return sslStream;
}
catch
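Review bot: Passing `_checkCertificateRevocation` to `AuthenticateAsClientAsync` only feeds the revocation status into the chain evaluation; because the `SslStream` is created with the custom `ValidateServerCertificate` callback, the accept/reject decision is made in that callback. It is outside the hunk, so confirm that it rejects a chain reported as revoked, in particular when `_verifyCertificateAuthority` is false or a `_trustedCertificateAuthority` is supplied; otherwise the option defaults to 'true' without being enforced on those paths. A test using a revoked server certificate for each combination of the flags would pin this down. The body of `Connect` and the `catch` block continue outside the hunk.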
diff --git a/src/DotPulsar/Internal/PulsarClientBuilder.cs
b/src/DotPulsar/Internal/PulsarClientBuilder.cs
index 164e209..373667f 100644
--- a/src/DotPulsar/Internal/PulsarClientBuilder.cs
+++ b/src/DotPulsar/Internal/PulsarClientBuilder.cs
@@ -1,4 +1,4 @@
-/*
+/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -32,6 +32,7 @@ public sealed class PulsarClientBuilder : IPulsarClientBuilder
private Uri _serviceUrl;
private X509Certificate2? _trustedCertificateAuthority;
private readonly X509Certificate2Collection _clientCertificates;
+ private bool _checkCertificateRevocation;
private bool _verifyCertificateAuthority;
private bool _verifyCertificateName;
private TimeSpan _closeInactiveConnectionsInterval;
@@ -54,6 +55,7 @@ public sealed class PulsarClientBuilder : IPulsarClientBuilder
_retryInterval = TimeSpan.FromSeconds(3);
_serviceUrl = new
Uri($"{Constants.PulsarScheme}://localhost:{Constants.DefaultPulsarPort}");
_clientCertificates = new X509Certificate2Collection();
+ _checkCertificateRevocation = true;
_verifyCertificateAuthority = true;
_verifyCertificateName = false;
_closeInactiveConnectionsInterval = TimeSpan.FromSeconds(60);
@@ -78,6 +80,12 @@ public sealed class PulsarClientBuilder :
IPulsarClientBuilder
return this;
}
+ public IPulsarClientBuilder CheckCertificateRevocation(bool
checkCertificateRevocation)
+ {
+ _checkCertificateRevocation = checkCertificateRevocation;
+ return this;
+ }
+
public IPulsarClientBuilder ConnectionSecurity(EncryptionPolicy
encryptionPolicy)
{
_encryptionPolicy = encryptionPolicy;
@@ -161,7 +169,7 @@ public sealed class PulsarClientBuilder :
IPulsarClientBuilder
else
throw new InvalidSchemeException($"Invalid scheme '{scheme}'.
Expected '{Constants.PulsarScheme}' or '{Constants.PulsarSslScheme}'");
- var connector = new Connector(_clientCertificates,
_trustedCertificateAuthority, _verifyCertificateAuthority,
_verifyCertificateName);
+ var connector = new Connector(_clientCertificates,
_trustedCertificateAuthority, _verifyCertificateAuthority,
_verifyCertificateName, _checkCertificateRevocation);
var exceptionHandlers = new List<IHandleException>(_exceptionHandlers)
{ new DefaultExceptionHandler(_retryInterval) };
var exceptionHandlerPipeline = new
ExceptionHandlerPipeline(exceptionHandlers);