Potential premature dispose of HTTP/2 connection in ClientWebSocket

[CarnaViire]

I've found very suspicious code while looking at ClientWebSocket, I didn't try to create a repro yet, but it should be easy to do so.

TL;DR: I suspect if you try to use WebSocket with custom security options like Credentials or RemoteCertificateValidationCallback, it will result in premature HTTP/2 connection disposal, so the WebSocket will not be usable.

The code that decides whether WS should dispose the message handler after use does that regardless of HTTP version

runtime/src/libraries/System.Net.WebSockets.Client/src/System/Net/WebSockets/WebSocketHandle.Managed.cs

Lines 240 to 247 in 3824cb2

	if (options.Credentials == null &&
	!options.UseDefaultCredentials &&
	options.Proxy == null &&
	options.Cookies == null &&
	options.RemoteCertificateValidationCallback == null &&
	(options._clientCertificates?.Count ?? 0) == 0)
	{
	disposeHandler = false;

runtime/src/libraries/System.Net.WebSockets.Client/src/System/Net/WebSockets/WebSocketHandle.Managed.cs

Lines 264 to 266 in 3824cb2

	else
	{
	disposeHandler = true;

Disposing the handler after the Upgrage request is totally ok in HTTP/1.1 case, because the connection is removed from the HttpConnectionPool. But for HTTP/2 case, the connection stays in the pool, as only one stream is used for a WebSocket and other streams can be used for HTTP requests.

So, as the code follows, after an Extended Connect call and creation of a WebSocket, the handler will get disposed, which will result in HTTP/2 connections in the pool being disposed, which will result in a closed HTTP/2 stream and an aborted WebSocket -- unless I miss something.

Could you please check out this scenario @greenEkatherine?

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

I've found very suspicious code while looking at ClientWebSocket, I didn't try to create a repro yet, but it should be easy to do so.

TL;DR: I suspect if you try to use WebSocket with custom security options like Credentials or RemoteCertificateValidationCallback, it will result in premature HTTP/2 connection disposal, so the WebSocket will not be usable.

The code that decides whether WS should dispose the message handler after use does that regardless of HTTP version

runtime/src/libraries/System.Net.WebSockets.Client/src/System/Net/WebSockets/WebSocketHandle.Managed.cs

Lines 236 to 243 in 08a11e4

	if (options.Credentials == null &&
	!options.UseDefaultCredentials &&
	options.Proxy == null &&
	options.Cookies == null &&
	options.RemoteCertificateValidationCallback == null &&
	(options._clientCertificates?.Count ?? 0) == 0)
	{
	disposeHandler = false;

runtime/src/libraries/System.Net.WebSockets.Client/src/System/Net/WebSockets/WebSocketHandle.Managed.cs

Lines 260 to 262 in 08a11e4

	else
	{
	disposeHandler = true;

Disposing the handler after the Upgrage request is totally ok in HTTP/1.1 case, because the connection is removed from the HttpConnectionPool. But for HTTP/2 case, the connection stays in the pool, as only one stream is used for a WebSocket and other streams can be used for HTTP requests.

So, as the code follows, after an Extended Connect call and creation of a WebSocket, the handler will get disposed, which will result in HTTP/2 connections in the pool being disposed, which will result in a closed HTTP/2 stream and an aborted WebSocket -- unless I miss something.

Could you please check out this scenario @greenEkatherine?

Author:	CarnaViire
Assignees:	-
Labels:	area-System.Net
Milestone:	-

[MihaZupan]

Even with a shared handler instance, there is an issue that we are setting the pooled connection lifetime to zero:

runtime/src/libraries/System.Net.WebSockets.Client/src/System/Net/WebSockets/WebSocketHandle.Managed.cs

Line 253 in 3824cb2

PooledConnectionLifetime = TimeSpan.Zero,

As far as I'm reading the code, this means that if the user just sets the version to 2.0 without passing in their own invoker, they will never reuse an H2 connection for multiple WS streams.

[greenEkatherine]

I can confirm that if we don't provide external invoker but provide custom options the handler will be disposed. Should we keep connection if it wasn't provided by user (which means to disable disposing for H2 at all)?

[CarnaViire]

Yes, I think if we end up using H2 with custom security options for the WebSocket, we should keep the handler in the instance and dispose upon WS disposal.

[karelz]

Triage: We don't believe it has functional impact (@greenEkatherine please confirm).
However, we will not reuse the HTTP/2 connection for multiple WebSocket streams, which defeats the purpose of the feature.
Does not seem to be critical for 7.0 as it is new protocol.

[greenEkatherine]

Confirming that HTTP/2 stream is not closed after handler disposal -- no functional impact.

Currently there are no such scenarios in our tests, even for HTTP/1.1. We test some options, but we don't check web socket state or successful send/receive after connection.

[stephentoub]

However, we will not reuse the HTTP/2 connection for multiple WebSocket streams, which defeats the purpose of the feature. Does not seem to be critical for 7.0 as it is new protocol

If it entirely defeats the purpose of the feature, and the feature was important to ship in 7.0, how is this not critical to 7.0? Who was requesting the feature, and this still meets their needs?