dotnet · wfurt · Feb 12, 2021 · Feb 11, 2021 · Feb 11, 2021 · Feb 12, 2021
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNetworkStreamTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamNetworkStreamTest.cs
@@ -354,7 +354,7 @@ public async Task SslStream_UntrustedCaWithCustomCallback_Throws(bool customCall
         public async Task SslStream_ClientCertificate_SendsChain()
         {
             List<SslStream> streams = new List<SslStream>();
-            TestHelper.CleanupCertificates("SslStream_ClinetCertificate_SendsChain");
+            TestHelper.CleanupCertificates();
             (X509Certificate2 clientCertificate, X509Certificate2Collection clientChain) = TestHelper.GenerateCertificates("SslStream_ClinetCertificate_SendsChain", serverCertificate: false);
             using (X509Store store = new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser))
             {
@@ -364,24 +364,14 @@ public async Task SslStream_ClientCertificate_SendsChain()
                 store.Close();
             }
 
-            // There is race between adding certificate to the store and building chain
-            // Make sure we can build chain before proceeding to ssl handshale
             using (var chain = new X509Chain())
             {
-                int count = 25;
                 chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
                 chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                 chain.ChainPolicy.DisableCertificateDownloads = false;
                 bool chainStatus = chain.Build(clientCertificate);
-                while (chain.ChainElements.Count != (clientChain.Count + 1) && count > 0)
-                {
-                    Thread.Sleep(100);
-                    count--;
-                    chainStatus = chain.Build(clientCertificate);
-                }
-
                 // Verify we can construct full chain
-                Assert.True(chain.ChainElements.Count > clientChain.Count, "chain cannot be built");
+                Assert.True(chain.ChainElements.Count >= clientChain.Count, "chain cannot be built");
             }
 
             var clientOptions = new  SslClientAuthenticationOptions() { TargetHost = "localhost",  };
@@ -421,7 +411,7 @@ public async Task SslStream_ClientCertificate_SendsChain()
                 streams.Add(server);
             }
 
-            TestHelper.CleanupCertificates("SslStream_ClinetCertificate_SendsChain");
+            TestHelper.CleanupCertificates();
             clientCertificate.Dispose();
             foreach (X509Certificate c in clientChain)
             {

diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/TestHelper.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/TestHelper.cs
@@ -81,7 +81,7 @@ internal static (NetworkStream ClientStream, NetworkStream ServerStream) GetConn
 
         }
 
-        internal static void CleanupCertificates(string testName)
+        internal static void CleanupCertificates([CallerMemberName] string? testName = null)
         {
             string caName = $"O={testName}";
             try

diff --git a/...raphy.X509Certificates/src/Internal/Cryptography/Pal.Unix/CachedDirectoryStoreProvider.cs b/...raphy.X509Certificates/src/Internal/Cryptography/Pal.Unix/CachedDirectoryStoreProvider.cs
@@ -22,27 +22,34 @@ internal sealed class CachedDirectoryStoreProvider
 
         private SafeX509StackHandle? _nativeCollection;
         private DateTime _loadLastWrite;
+        private bool _forceRefresh;
 
         internal CachedDirectoryStoreProvider(string storeName)
         {
             string storePath = DirectoryBasedStoreProvider.GetStorePath(storeName);
             _storeDirectoryInfo = new DirectoryInfo(storePath);
         }
 
+        internal void DoRefresh()
+        {
+            _forceRefresh = true;
+        }
+
         internal SafeX509StackHandle GetNativeCollection()
         {
             SafeX509StackHandle? ret = _nativeCollection;
 
             TimeSpan elapsed = _recheckStopwatch.Elapsed;
 
-            if (ret == null || elapsed >= s_lastWriteRecheckInterval)
+            if (ret == null || elapsed >= s_lastWriteRecheckInterval || _forceRefresh)
             {
                 lock (_recheckStopwatch)
                 {
                     _storeDirectoryInfo.Refresh();
                     DirectoryInfo info = _storeDirectoryInfo;
 
                     if (ret == null ||
+                        _forceRefresh ||
                         elapsed >= s_assumeInvalidInterval ||
                         (info.Exists && info.LastWriteTimeUtc != _loadLastWrite))
                     {
@@ -65,6 +72,7 @@ internal SafeX509StackHandle GetNativeCollection()
                         ret = newColl;
                         _nativeCollection = newColl;
                         _recheckStopwatch.Restart();
+                        _forceRefresh = false;
                     }
                 }
             }

diff --git a/...tem.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ChainPal.cs b/...tem.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/ChainPal.cs
@@ -23,6 +23,11 @@ public static bool ReleaseSafeX509ChainHandle(IntPtr handle)
             return true;
         }
 
+        public static void FlushStores()
+        {
+            OpenSslX509ChainProcessor.FlushStores();
+        }
+
         public static IChainPal BuildChain(
             bool useMachineContext,
             ICertificatePal cert,

diff --git a/...graphy.X509Certificates/src/Internal/Cryptography/Pal.Unix/DirectoryBasedStoreProvider.cs b/...graphy.X509Certificates/src/Internal/Cryptography/Pal.Unix/DirectoryBasedStoreProvider.cs
@@ -118,6 +118,7 @@ public void Add(ICertificatePal certPal)
             try
             {
                 AddCertToStore(certPal);
+                ChainPal.FlushStores();
             }
             catch (CryptographicException)
             {
@@ -223,6 +224,7 @@ public void Remove(ICertificatePal certPal)
                         }
 
                         File.Delete(currentFilename);
+                        ChainPal.FlushStores();
                     }
                 } while (currentFilename != null);
             }

diff --git a/...tography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509ChainProcessor.cs b/...tography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509ChainProcessor.cs
@@ -326,6 +326,13 @@ internal void CommitToChain()
             Interop.Crypto.X509StoreCtxCommitToChain(_storeCtx);
         }
 
+        internal static void FlushStores()
+        {
+            s_userRootStore.DoRefresh();
+            s_userPersonalStore.DoRefresh();
+            s_userIntermediateStore.DoRefresh();
+        }
+
         internal void ProcessRevocation(
             X509RevocationMode revocationMode,
             X509RevocationFlag revocationFlag)
-Original file line number
+Diff line change
@@ Expand Up @@
             }
-            internal static void CleanupCertificates(string testName)
+            internal static void CleanupCertificates([CallerMemberName] string? testName = null)
             {
                 string caName = $"O={testName}";
                 try
@@ Expand Down @@