pnp/docker-spfx

PowerShell SSL Script in DevelopmentContainers.md needs updating

NoralK opened this issue · 2 comments

NoralK commented

Describe the bug
The PowerShell SSL Script provided #6, under Starting working with SPFx when you run Docker locally, is erroring out.

To Reproduce
Steps to reproduce the behavior:

  1. Run the script as provided and it will produce this error
Exception calling "AuthenticateAsClient" with "1" argument(s): "A call to SSPI failed, see inner exception."
At D:\NGK\PnP\Calendar-Updated\Install-SSLCertificate.ps1:6 char:1
+ $sslStream.AuthenticateAsClient('');
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AuthenticationException
 
Exception calling "Add" with "1" argument(s): "pCertContext is an invalid handle."
At D:\NGK\PnP\Calendar-Updated\Install-SSLCertificate.ps1:14 char:1
+ $store.add($x509Certificate);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException

Expected behavior
No errors and the Cert installed into the store.

Screenshots
N/A

Desktop (please complete the following information):

  • OS: Windows 10 Ent
  • Shell PowerShell
  • Any

Additional context
To resolve the issue change line 6 from
$sslStream.AuthenticateAsClient('');
to
$sslStream.AuthenticateAsClient( $HostAddress, $null, [System.Net.SecurityProtocolType]'Tls, Tls12', $false )

waldekmastykarz commented

@NoralK would you be willing to submit a PR? @shurick81 would you be willing to review the proposed solution?

shurick81 commented

Hi @NoralK it's vey curious what you are bringing up! Do you know how to replicate this issue? Can it happen when some specific TLS configuration of http client are in place?

I wonder what output you get from the following PS lines?

[Net.ServicePointManager]::SecurityProtocol
[enum]::GetNames([System.Net.SecurityProtocolType])

Here's what I get on my Win 11 machine:

PS C:\Users\asa> [Net.ServicePointManager]::SecurityProtocol
SystemDefault
PS C:\Users\asa> [enum]::GetNames([System.Net.SecurityProtocolType])
SystemDefault
Ssl3
Tls
Tls11
Tls12
Tls13