Address feedback

Author: javiercn

src/Servers/Kestrel/Core/src/Internal/HttpsConnectionAdapter.cs

@@ -195,15 +195,18 @@ await sslStream.AuthenticateAsServerAsync(serverCert, certificateRequired,
                 sslStream.Dispose();
                 return _closedAdaptedConnection;
             }
-            finally
+            catch (NotSupportedException ex)
             {
-                if (!sslStream.IsAuthenticated && (_serverCertificate != null ||
-                    CertificateManager.IsHttpsDevelopmentCertificate(_serverCertificate) ||
-                    !CertificateManager.CheckDeveloperCertificateKey(_serverCertificate)))
+                if (_serverCertificate != null &&
+                    CertificateManager.IsHttpsDevelopmentCertificate(_serverCertificate) &&
+                    !CertificateManager.CheckDeveloperCertificateKey(_serverCertificate))
                 {
-                    _logger?.LogError(3, CoreStrings.BadDeveloperCertificateState);
+                    _logger?.LogError(3, ex, CoreStrings.BadDeveloperCertificateState);
                 }
-
+                throw;
+            }
+            finally
+            {
                 timeoutFeature.CancelTimeout();
             }
 

src/Servers/Kestrel/shared/test/TestResources.cs

@@ -22,5 +22,10 @@ public static X509Certificate2 GetTestCertificate(string certName)
         {
             return new X509Certificate2(GetCertPath(certName), "testPassword");
         }
+
+        public static X509Certificate2 GetTestCertificate(string certName, string password)
+        {
+            return new X509Certificate2(GetCertPath(certName), password);
+        }
     }
 }

src/Servers/Kestrel/test/FunctionalTests/HttpsTests.cs

@@ -256,7 +256,7 @@ public async Task DevCertWithInvalidPrivateKeyProducesCustomWarning()
                 .AddSingleton(LoggerFactory)
                 .BuildServiceProvider();
 
-            var serverCertificate = new X509Certificate2(TestResources.GetTestCertificate().Export(X509ContentType.Cert));
+            var serverCertificate = new X509Certificate2(TestResources.GetTestCertificate("aspnetdevcert.pfx", "aspnetdevcert").Export(X509ContentType.Cert));
             listenOptions.UseHttps(serverCertificate);
             using (var server = new TestServer(context => Task.CompletedTask,
                 new TestServiceContext(LoggerFactory),

src/Tools/dotnet-dev-certs/src/Program.cs

@@ -196,7 +196,7 @@ private static int EnsureHttpsCertificate(CommandOption exportPath, CommandOptio
 
             if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && manager.HasValidCertificateWithInnaccessibleKeyAcrossPartitions() || manager.GetHttpsCertificates().Count == 0)
             {
-                reporter.Warn($"We didn't find a valid HTTPS certificate with a key accessible across security partitions. We will run the following command:" + Environment.NewLine +
+                reporter.Warn($"A valid HTTPS certificate with a key accessible across security partitions was not found. The following command will run to fix it:" + Environment.NewLine +
                     "'sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9'" + Environment.NewLine +
                     "This command will make the certificate key accessible across security partitions and might prompt you for your password. For more information see: https://aka.ms/aspnetcore/2.1/troubleshootcertissues");
             }