Fix certificate health check so that it validates multiple times

Also switch deprecated request.Properties to request.Options
2024-02-08 10:31:36 +00:00
parent 9e5eb2da08
commit ea7ae74ccb
1 changed files with 11 additions and 14 deletions
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs
@@ -25,7 +25,6 @@ public class HttpsCheck : HealthCheck
    private const int NumberOfDaysForExpiryWarning = 14;
    private const string HttpPropertyKeyCertificateDaysToExpiry = "CertificateDaysToExpiry";

-    private static HttpClient? _httpClient;
    private readonly IOptionsMonitor<GlobalSettings> _globalSettings;
    private readonly IHostingEnvironment _hostingEnvironment;

@@ -46,12 +45,6 @@ public class HttpsCheck : HealthCheck
        _globalSettings = globalSettings;
        _hostingEnvironment = hostingEnvironment;
    }
-
-    private static HttpClient _httpClientEnsureInitialized => _httpClient ??= new HttpClient(new HttpClientHandler
-    {
-        ServerCertificateCustomValidationCallback = ServerCertificateCustomValidation,
-    });
-
    /// <inheritdoc />
    public override async Task<IEnumerable<HealthCheckStatus>> GetStatus() =>
        await Task.WhenAll(
@@ -72,8 +65,7 @@ public class HttpsCheck : HealthCheck
    {
        if (certificate is not null)
        {
-            requestMessage.Properties[HttpPropertyKeyCertificateDaysToExpiry] =
-                (int)Math.Floor((certificate.NotAfter - DateTime.Now).TotalDays);
+            requestMessage.Options.Set(new HttpRequestOptionsKey<int?>(HttpPropertyKeyCertificateDaysToExpiry), (int?)Math.Floor((certificate.NotAfter - DateTime.Now).TotalDays));
        }

        return sslErrors == SslPolicyErrors.None;
@@ -92,17 +84,22 @@ public class HttpsCheck : HealthCheck

        try
        {
-            using HttpResponseMessage response = await _httpClientEnsureInitialized.SendAsync(request);
+            using var httpClient = new HttpClient(new HttpClientHandler
+            {
+                ServerCertificateCustomValidationCallback = ServerCertificateCustomValidation,
+            });
+
+            using HttpResponseMessage response = await httpClient.SendAsync(request);

            if (response.StatusCode == HttpStatusCode.OK)
            {
                // Got a valid response, check now if the certificate is expiring within the specified amount of days
                int? daysToExpiry = 0;
-                if (request.Properties.TryGetValue(
-                    HttpPropertyKeyCertificateDaysToExpiry,
-                    out var certificateDaysToExpiry))
+                if (response.RequestMessage != null && response.RequestMessage.Options.TryGetValue(
+                        new HttpRequestOptionsKey<int?>(HttpPropertyKeyCertificateDaysToExpiry),
+                        out var certificateDaysToExpiry))
                {
-                    daysToExpiry = (int?)certificateDaysToExpiry;
+                    daysToExpiry = certificateDaysToExpiry;
                }

                if (daysToExpiry <= 0)