fix IsMutuallyAuthenticated with NegotiateClientCertificateAsync

[wfurt]

contributes to #65563 and #75545.

The problem is that with existing code we clean _selectedClientCertificate if the selected certificate was attached to credentials but not used. So later it can be provided via renegotiation or PHA for TLS 1.3 but we already lost the link.

The fix is to keep _selectedClientCertificate untouched once client certificate was selected and used but guard LocalServerCertificate with the extra check that was added by #79898.

[ghost]

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

contributes to #65563 and #75545.

The problem is that with existing code we clean _selectedClientCertificate if the selected certificate was attached to credentials but not used. So later it can be provided via renegotiation or PHA for TLS 1.3 but we already lost the link.

The fix is to keep _selectedClientCertificate untouched once client certificate was selected and used but guard LocalServerCertificate with the extra check that was added by #79898.

Author:	wfurt
Assignees:	wfurt
Labels:	area-System.Net.Security
Milestone:	8.0.0

[rzikm]

LGTM!

[rzikm]

/backport to 7.0-staging

[github-actions]

Started backporting to 7.0-staging: https://github.com/dotnet/runtime/actions/runs/7116625187

[github-actions]

@rzikm an error occurred while backporting to 7.0-staging, please check the run log for details!

The process '/usr/bin/git' failed with exit code 1

[rzikm]

/backport to release/7.0-staging

[github-actions]

Started backporting to release/7.0-staging: https://github.com/dotnet/runtime/actions/runs/7116695721

[github-actions]

@rzikm backporting to release/7.0-staging failed, the patch most likely resulted in conflicts:

$ git am --3way --ignore-whitespace --keep-non-patch changes.patch

Applying: fix IsMutuallyAuthenticated with NegotiateClientCertificateAsync
Using index info to reconstruct a base tree...
M	src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
M	src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
M	src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs
CONFLICT (content): Merge conflict in src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamMutualAuthenticationTest.cs
Auto-merging src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
Auto-merging src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
CONFLICT (content): Merge conflict in src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 fix IsMutuallyAuthenticated with NegotiateClientCertificateAsync
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128

Please backport manually!

[github-actions]

@rzikm an error occurred while backporting to release/7.0-staging, please check the run log for details!

Error: git am failed, most likely due to a merge conflict.