Skip to content

Commit 3edf256

Browse files
weng5eweng5e
authored
Change X509Certificate2 constructor to fix KB (#1343)
1 parent dfa5cc9 commit 3edf256

File tree

2 files changed

+20
-6
lines changed

2 files changed

+20
-6
lines changed

src/KubernetesClient/CertUtils.cs

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,10 @@ public static X509Certificate2Collection LoadPemFileCert(string file)
3636
//
3737
foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
3838
{
39-
certCollection.Add(new X509Certificate2(cert.GetEncoded()));
39+
// This null password is to change the constructor to fix this KB:
40+
// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
41+
string nullPassword = null;
42+
certCollection.Add(new X509Certificate2(cert.GetEncoded(), nullPassword));
4043
}
4144
#endif
4245
}
@@ -96,13 +99,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
9699
// see https://github.com/kubernetes-client/csharp/issues/737
97100
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
98101
{
102+
// This null password is to change the constructor to fix this KB:
103+
// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
104+
string nullPassword = null;
105+
99106
if (config.ClientCertificateKeyStoreFlags.HasValue)
100107
{
101-
cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), "", config.ClientCertificateKeyStoreFlags.Value);
108+
cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
102109
}
103110
else
104111
{
105-
cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
112+
cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);
106113
}
107114
}
108115

@@ -172,13 +179,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
172179

173180
store.Save(pkcs, new char[0], new SecureRandom());
174181

182+
// This null password is to change the constructor to fix this KB:
183+
// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
184+
string nullPassword = null;
185+
175186
if (config.ClientCertificateKeyStoreFlags.HasValue)
176187
{
177-
return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);
188+
return new X509Certificate2(pkcs.ToArray(), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
178189
}
179190
else
180191
{
181-
return new X509Certificate2(pkcs.ToArray());
192+
return new X509Certificate2(pkcs.ToArray(), nullPassword);
182193
}
183194
#endif
184195
}

src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -308,8 +308,11 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
308308
{
309309
if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
310310
{
311+
// This null password is to change the constructor to fix this KB:
312+
// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
313+
string nullPassword = null;
311314
var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
312-
SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data)));
315+
SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
313316
}
314317
else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
315318
{

0 commit comments

Comments
 (0)