From 0916cd639bd4b8aeb343111543a7410027d59658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ahmet=20=C4=B0brahim=20Aksoy?= Date: Thu, 4 Jun 2026 11:36:40 +0200 Subject: [PATCH 1/2] Map SEC_E_MUTUAL_AUTH_FAILED SSPI status in SslStream AcceptSecurityContext can return SEC_E_MUTUAL_AUTH_FAILED (0x8009035D) during a failed TLS client-auth handshake. This value was missing from Interop.SECURITY_STATUS and the SecurityStatusAdapterPal dictionary, so GetSecurityStatusPalFromInterop hit Debug.Fail and crashed the process (and threw InternalException in release) instead of surfacing an AuthenticationException. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../src/Interop/Windows/SChannel/Interop.SECURITY_STATUS.cs | 1 + .../src/System/Net/SecurityStatusAdapterPal.Windows.cs | 3 ++- .../System.Net.Security/src/System/Net/SecurityStatusPal.cs | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/libraries/Common/src/Interop/Windows/SChannel/Interop.SECURITY_STATUS.cs b/src/libraries/Common/src/Interop/Windows/SChannel/Interop.SECURITY_STATUS.cs index 67370f9587fa08..dcf22b7c65b8f4 100644 --- a/src/libraries/Common/src/Interop/Windows/SChannel/Interop.SECURITY_STATUS.cs +++ b/src/libraries/Common/src/Interop/Windows/SChannel/Interop.SECURITY_STATUS.cs @@ -50,6 +50,7 @@ internal enum SECURITY_STATUS UnsupportedPreauth = unchecked((int)0x80090343), BadBinding = unchecked((int)0x80090346), DowngradeDetected = unchecked((int)0x80090350), + MutualAuthFailed = unchecked((int)0x8009035D), ApplicationProtocolMismatch = unchecked((int)0x80090367), NoRenegotiation = unchecked((int)0x00090360), KeySetDoesNotExist = unchecked((int)0x80090016) diff --git a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusAdapterPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusAdapterPal.Windows.cs index a6b4e4115d48f4..7a1d48f35f1e63 100644 --- a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusAdapterPal.Windows.cs +++ b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusAdapterPal.Windows.cs @@ -9,7 +9,7 @@ namespace System.Net { internal static class SecurityStatusAdapterPal { - private const int StatusDictionarySize = 45; + private const int StatusDictionarySize = 46; #if DEBUG static SecurityStatusAdapterPal() @@ -44,6 +44,7 @@ static SecurityStatusAdapterPal() { Interop.SECURITY_STATUS.InvalidToken, SecurityStatusPalErrorCode.InvalidToken }, { Interop.SECURITY_STATUS.LogonDenied, SecurityStatusPalErrorCode.LogonDenied }, { Interop.SECURITY_STATUS.MessageAltered, SecurityStatusPalErrorCode.MessageAltered }, + { Interop.SECURITY_STATUS.MutualAuthFailed, SecurityStatusPalErrorCode.MutualAuthFailed }, { Interop.SECURITY_STATUS.NoAuthenticatingAuthority, SecurityStatusPalErrorCode.NoAuthenticatingAuthority }, { Interop.SECURITY_STATUS.NoImpersonation, SecurityStatusPalErrorCode.NoImpersonation }, { Interop.SECURITY_STATUS.NoCredentials, SecurityStatusPalErrorCode.NoCredentials }, diff --git a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs index f4d79d578c8f2c..54fc7f9fff5094 100644 --- a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs +++ b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs @@ -70,6 +70,7 @@ internal enum SecurityStatusPalErrorCode UnsupportedPreauth, BadBinding, DowngradeDetected, + MutualAuthFailed, ApplicationProtocolMismatch, NoRenegotiation, KeySetDoesNotExist, From 260ab0fb4330d1b02da7a2b299f2653a947cd836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ahmet=20=C4=B0brahim=20Aksoy?= Date: Thu, 4 Jun 2026 13:07:12 +0200 Subject: [PATCH 2/2] Move MutualAuthFailed to end of SecurityStatusPalErrorCode enum Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../System.Net.Security/src/System/Net/SecurityStatusPal.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs index 54fc7f9fff5094..7a28d1448a7ec0 100644 --- a/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs +++ b/src/libraries/System.Net.Security/src/System/Net/SecurityStatusPal.cs @@ -70,10 +70,10 @@ internal enum SecurityStatusPalErrorCode UnsupportedPreauth, BadBinding, DowngradeDetected, - MutualAuthFailed, ApplicationProtocolMismatch, NoRenegotiation, KeySetDoesNotExist, - ContextExpiredError + ContextExpiredError, + MutualAuthFailed } }