Introduce KestrelServerOptions.CheckDefaultCertificate

[amcasey]

Introduce KestrelServerOptions.HasDefaultOrDevelopmentCertificate

• You've read the Contributor Guide and Code of Conduct.
• You've included unit or integration tests for your change, where applicable.
• You've included inline docs for your change, where applicable.
• There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Description

Introduce KestrelServerOptions.HasDefaultOrDevelopmentCertificate as a way to determine whether a certificate is available before invoking KestrelServerOptions.Listen and possibly failing in ListenOptions.UseHttps.

Replaces #48054
Fixes #28120

[amcasey]

Blocked on API approval: #48055

[mitchdenny]

Not super enthusiastic about a property getter having side effects.

[Tratcher]

Yeah, make it a method.

bool CheckForDefaultCertificate()

The development certificate counts as a default and is explained in the docs.

[amcasey]

What side-effect are we worried about? Enabling https config?

[amcasey]

I'm not familiar with the bool CheckFoo() naming convention - personally, I'd expect that method to throw if the condition weren't satisfied. I take it we use that elsewhere?

[amcasey]

Renamed and made it a method, but I'd still like to understand more about side-effects.

[amcasey]

Incidentally, now that it doesn't actually return the cert, I would be fine with this throwing if https configuration isn't enabled.

[amcasey]

The point of the method is to avoid throwing for known, common conditions. Exceptions should only be used for unexpected conditions.

Sorry, I'm not sure which part of the thread you're responding to. If it was about my expectation that CheckFoo would throw, that was an intuition about the naming convention and not a comment on how this member (whatever name and shape it ends up taking) should behave.

[Tratcher]

This is a friendly guard method, letting you check the state in a controlled way to avoid an exception later. It should not throw an exception.

[amcasey]

@halter73 Asked me to have it throw in that case. Would you like me to work up a version that loads eagerly and then compensates if the configuration changes?

[Tratcher]

If you're getting conflicting advice we should hold off until we can discuss it in a meeting, API review or otherwise.

[Tratcher]

Can this call ConfigurationLoader.Load() instead of throwing?

[amcasey]

@halter73 Suggested doing it this way because invoking Load ourselves would put the burden on us to reload on change.

[Tratcher]

We'd have to reload if CheckDefaultCertificate were called again? That seems reasonable.

[amcasey]

I understood him to say that config changes between the first call to Load and bind-time would be lost since bind wouldn't attempt to reload and already loaded configuration.

[amcasey]

(i.e. other consumers of the configuration might see stale values.)

[halter73]

@halter73 Suggested doing it this way because invoking Load ourselves would put the burden on us to reload on change.

We should capture the reload token during the first call to Load regardless. If we start calling Load ourselves in more places, we should fix the bug at the same time. Otherwise, we risk not picking up new endpoints or certa added to Kestrel config between the manual call to Load and a later call to StartAsync. We could always call Reload during StarAsync, but it'd be more efficient to only reload if the configuration has actually changed.

That said, this is a pretty narrow edge case and an existing big.

[Tratcher]

This is a friendly guard method, letting you check the state in a controlled way to avoid an exception later. It should not throw an exception.

[amcasey]

We're going to try to fix things without a new API.