diff --git a/src/Runner.Sdk/Util/VssUtil.cs b/src/Runner.Sdk/Util/VssUtil.cs index f35b0c21d..012d27f73 100644 --- a/src/Runner.Sdk/Util/VssUtil.cs +++ b/src/Runner.Sdk/Util/VssUtil.cs @@ -38,6 +38,7 @@ namespace GitHub.Runner.Sdk if (StringUtil.ConvertToBoolean(Environment.GetEnvironmentVariable("GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY"))) { VssClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; + RawClientHttpRequestSettings.Default.ServerCertificateValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; } var rawHeaderValues = new List(); diff --git a/src/Sdk/Common/Common/RawHttpMessageHandler.cs b/src/Sdk/Common/Common/RawHttpMessageHandler.cs index 316bcd576..e80e6a747 100644 --- a/src/Sdk/Common/Common/RawHttpMessageHandler.cs +++ b/src/Sdk/Common/Common/RawHttpMessageHandler.cs @@ -106,6 +106,18 @@ namespace GitHub.Services.Common { VssTraceActivity traceActivity = VssTraceActivity.Current; + if (!m_appliedServerCertificateValidationCallbackToTransportHandler && + request.RequestUri.Scheme == "https") + { + HttpClientHandler httpClientHandler = m_transportHandler as HttpClientHandler; + if (httpClientHandler != null && + this.Settings.ServerCertificateValidationCallback != null) + { + httpClientHandler.ServerCertificateCustomValidationCallback = this.Settings.ServerCertificateValidationCallback; + } + m_appliedServerCertificateValidationCallbackToTransportHandler = true; + } + lock (m_thisLock) { // Ensure that we attempt to use the most appropriate authentication mechanism by default. @@ -291,6 +303,7 @@ namespace GitHub.Services.Common } } + private bool m_appliedServerCertificateValidationCallbackToTransportHandler; private readonly HttpMessageHandler m_transportHandler; private HttpMessageInvoker m_messageInvoker; private CredentialWrapper m_credentialWrapper;