Native memory leak on TLS client reading OCSP staple.

Under specific condition, .NET 7 and 8 are leaking native memory during TLS handshake. The specific condition is:
- Server sends OCSP staple during TLS handshake (server running .NET 7+, or other stacks supporting OCSP)
- A client certificate is used and supplied via [`LocalCertificateSelectionCallback`](https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.localcertificateselectioncallback?view=net-7.0) to SslStream:
    - This is the behavior for `HttpClient` configured with `HttpClientHandler` (the default handler)
    - Alternative ways do not have the problem ([`SslClientAuthenticationOptions.ClientCertificatesCollection`](https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.clientcertificates?view=net-7.0#system-net-security-sslclientauthenticationoptions-clientcertificates) or [`SslClientAuthenticationOptions.ClientCertificateContext`](https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.clientcertificatecontext?view=net-8.0#system-net-security-sslclientauthenticationoptions-clientcertificatecontext))
- Server performs renegotiation (or post-handshake client authentication)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Native memory leak on TLS client reading OCSP staple. #96616

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Native memory leak on TLS client reading OCSP staple. #96616

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions