diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
index 21f369927..347771417 100644
--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -36,7 +36,10 @@ public static X509Certificate2Collection LoadPemFileCert(string file)
 //
 foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
 {
- certCollection.Add(new X509Certificate2(cert.GetEncoded()));
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+ certCollection.Add(new X509Certificate2(cert.GetEncoded(), nullPassword));
 }
 #endif
 }
@@ -96,13 +99,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 // see https://github.com/kubernetes-client/csharp/issues/737
 if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
 {
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
- cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), "", config.ClientCertificateKeyStoreFlags.Value);
+ cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
- cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
+ cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);
 }
 }
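Review bot: The added comment `// This null password is to change the constructor to fix this KB:` does not say what the KB changed or why a typed local is needed, and the same three lines are pasted into all four hunks of this commit (LoadPemFileCert, both GeneratePfx hunks, and SetClusterDetails). In LoadPemFileCert the bytes come from `cert.GetEncoded()`, a single encoded certificate, so the password should never be consulted; the local presumably exists only so that overload resolution picks the `(byte[], string)` constructor, since a bare `null` is ambiguous with the `SecureString` overload. One shared declaration with one explanatory comment would read better and keep the four call sites from drifting apart, e.g. `internal const string NoPassword = null; // forces the password-taking X509Certificate2 overload, see KB5025823`. The enclosing method starts outside the hunk.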
@@ -172,13 +179,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 store.Save(pkcs, new char[0], new SecureRandom());
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
- return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);
+ return new X509Certificate2(pkcs.ToArray(), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
- return new X509Certificate2(pkcs.ToArray());
+ return new X509Certificate2(pkcs.ToArray(), nullPassword);
 }
 #endif
 }
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
index 85085838c..6c2c7be4d 100644
--- a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
+++ b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
@@ -308,8 +308,11 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
 {
 if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
 {
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
 var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
- SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
+ SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
 }
 else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
 {
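Review bot: The keystore is written with an empty password (`store.Save(pkcs, new char[0], new SecureRandom())`) but is now read back with a null one, where the flags branch previously passed `""`. PKCS#12 derives its MAC and encryption keys differently for a null and an empty password, so the import only succeeds if the runtime retries with the other value; that is the usual behaviour as far as I know, but it deserves a round-trip test on every target framework and OS. Passing the same empty password that was used to save also selects a password-taking overload: `return new X509Certificate2(pkcs.ToArray(), string.Empty, config.ClientCertificateKeyStoreFlags.Value);` and `return new X509Certificate2(pkcs.ToArray(), string.Empty);`. The Windows branch in the earlier GeneratePfx hunk makes the same `""` to null switch, there on a blob from `cert.Export(X509ContentType.Pkcs12)`. GeneratePfx starts outside this hunk.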
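Review bot: The cluster trust collection in SetClusterDetails is still built from a single `X509Certificate2`, so if the decoded `CertificateAuthorityData` is a PEM bundle holding more than one certificate, most likely only the first is loaded and the remaining trust anchors are dropped without an error. The password argument does not change that, since this input is a certificate rather than a PKCS#12 blob. Until the data is parsed into a full collection, as the file-based path appears to do through `LoadPemFileCert`, a comment on the new line would make the limitation visible: `// NOTE: only the first certificate of a multi-certificate bundle is loaded here`. SetClusterDetails starts and ends outside the hunk.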