diff --git a/FastGithub.HttpServer/KestrelServerExtensions.cs b/FastGithub.HttpServer/KestrelServerExtensions.cs
index ab1f7ed..b8ba854 100644
--- a/FastGithub.HttpServer/KestrelServerExtensions.cs
+++ b/FastGithub.HttpServer/KestrelServerExtensions.cs
@@ -10,6 +10,9 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
 
 namespace FastGithub
 {
@@ -149,7 +152,7 @@ namespace FastGithub
 var certService = listen.ApplicationServices.GetRequiredService();
 certService.CreateCaCertIfNotExists();
 certService.InstallAndTrustCaCert();
- return listen.UseTls(https => https.ServerCertificateSelector = (ctx, domain) => certService.GetOrCreateServerCert(domain));
+ return listen.UseTls(domain => certService.GetOrCreateServerCert(domain));
 }
 
 ///
@@ -158,13 +161,23 @@ namespace FastGithub
 ///
 /// https配置
 ///
- private static ListenOptions UseTls(this ListenOptions listen, Action configureOptions)
+ private static ListenOptions UseTls(this ListenOptions listen, Func certFactory)
 {
 var invadeMiddleware = listen.ApplicationServices.GetRequiredService();
 var restoreMiddleware = listen.ApplicationServices.GetRequiredService();
 
 listen.Use(next => context => invadeMiddleware.InvokeAsync(next, context));
- listen.UseHttps(configureOptions);
+ listen.UseHttps(new TlsHandshakeCallbackOptions
+ {
+ OnConnection = context =>
+ {
+ var options = new SslServerAuthenticationOptions
+ {
+ ServerCertificate = certFactory(context.ClientHelloInfo.ServerName)
+ };
+ return ValueTask.FromResult(options);
+ },
+ });
 listen.Use(next => context => restoreMiddleware.InvokeAsync(next, context));
 return listen;
 }
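Review bot: In the third hunk (`UseTls`), `certFactory(context.ClientHelloInfo.ServerName)` passes the client-supplied SNI value to the certificate factory without any check. As far as I know `ServerName` is an empty string when the ClientHello carries no SNI, whereas the removed `ServerCertificateSelector` callback received `null` in that case, so `GetOrCreateServerCert` (not visible here) may now take a different path for such clients. Since the second hunk's context shows the CA being installed as trusted, I would issue only for names that pass a check, e.g. `var name = context.ClientHelloInfo.ServerName;` followed by `if (Uri.CheckHostName(name) != UriHostNameType.Dns) { /* fail the handshake or use a fixed default certificate */ }`, and confirm that whatever per-name cache sits behind the factory is bounded. The unchanged doc line `/// https配置` still describes an HTTPS configuration rather than the new `certFactory` parameter and should be updated to match.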