From 0107b0f28b61fd1d1c84187dc77ed47606d0c60a Mon Sep 17 00:00:00 2001
From: wfurt
Date: Tue, 12 May 2026 16:47:46 +0000
Subject: [PATCH 1/3] Add note clarifying TLS use in HttpListener
---
 .../src/System/Net/Managed/HttpConnection.cs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
index d0e17bcd3f387f..434c9daaab333d 100644
--- a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
+++ b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
@@ -84,6 +84,11 @@ public HttpConnection(Socket sock, HttpEndPointListener epl, bool secure, X509Ce
 else
 {
 #pragma warning disable CA5359
+ // This part is actually never called because LoadCertificateAndKey always returns null
+ // and for managed implementtion we never negotiate TLS. If this ever changes we will need to re-think
+ // how we deal with cleint certes and probably also remove "disable CA5359".
+ // Doing full validation brings its own problems ... like AIA processing and possibly access to untusted sites.
+ // so that should probably be driven by user configuration.
 _sslStream = HttpListener.CreateSslStream(new NetworkStream(sock, false), false, (t, c, ch, e) =>
 {
 if (c == null)
From 04fdf6885cc74e70a1b3692daad50a71e49d5e0a Mon Sep 17 00:00:00 2001
From: Tomas Weinfurt
Date: Tue, 12 May 2026 10:51:50 -0700
Subject: [PATCH 2/3] Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 .../src/System/Net/Managed/HttpConnection.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
index 434c9daaab333d..f3d4455bf2d2d1 100644
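Review bot: In the `@@ -84,6 +84,11 @@` hunk of patch 1/3, the new comment asserts that this `else` branch is never reached, but nothing visible in the hunk enforces it. The `#pragma warning disable CA5359` suppression and the custom validation callback would therefore become live without any signal as soon as `LoadCertificateAndKey` starts returning a certificate. If the branch really is unreachable, consider pinning that at the top of the branch, e.g. `Debug.Fail("Managed HttpListener is not expected to negotiate TLS; revisit client-certificate validation and the CA5359 suppression.");` (assuming `System.Diagnostics` is in scope in this file). A future change would then fail in debug and test runs instead of depending on a reader noticing the comment. The callback body and the rest of the constructor lie outside the hunk, so what the callback actually accepts cannot be judged from here.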
--- a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
+++ b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
@@ -85,8 +85,8 @@ public HttpConnection(Socket sock, HttpEndPointListener epl, bool secure, X509Ce
 {
 #pragma warning disable CA5359
 // This part is actually never called because LoadCertificateAndKey always returns null
- // and for managed implementtion we never negotiate TLS. If this ever changes we will need to re-think
- // how we deal with cleint certes and probably also remove "disable CA5359".
+ // and for managed implementation we never negotiate TLS. If this ever changes we will need to re-think
+ // how we deal with client certes and probably also remove "disable CA5359".
 // Doing full validation brings its own problems ... like AIA processing and possibly access to untusted sites.
 // so that should probably be driven by user configuration.
 _sslStream = HttpListener.CreateSslStream(new NetworkStream(sock, false), false, (t, c, ch, e) =>
From 437d705907a78d5bae9f2e391aa58ea677a43ae7 Mon Sep 17 00:00:00 2001
From: Tomas Weinfurt
Date: Tue, 12 May 2026 16:13:45 -0700
Subject: [PATCH 3/3] Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 .../src/System/Net/Managed/HttpConnection.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
index f3d4455bf2d2d1..34373ca8088e4e 100644
--- a/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
+++ b/src/libraries/System.Net.HttpListener/src/System/Net/Managed/HttpConnection.cs
@@ -86,8 +86,8 @@ public HttpConnection(Socket sock, HttpEndPointListener epl, bool secure, X509Ce
 #pragma warning disable CA5359
 // This part is actually never called because LoadCertificateAndKey always returns null
 // and for managed implementation we never negotiate TLS. If this ever changes we will need to re-think
- // how we deal with client certes and probably also remove "disable CA5359".
- // Doing full validation brings its own problems ... like AIA processing and possibly access to untusted sites.
+ // how we deal with client certs and probably also remove "disable CA5359".
+ // Doing full validation brings its own problems ... like AIA processing and possibly access to untrusted sites.
 // so that should probably be driven by user configuration.
 _sslStream = HttpListener.CreateSslStream(new NetworkStream(sock, false), false, (t, c, ch, e) =>
 {