Expand Up @@ -160,7 +160,60 @@ include::ROOT:cbl-whatsnew.adoc[tag=scopes-and-collections]

=== Known Issues

None for this release
The following Third Party limitations apply for this version.

==== Using `TLSIdentity` with .NET 6 iOS and Mac Catalyst

In order to be able to use the `TLSIdentity` class, you must:
Member


Let's add a small correction here. You can still use the TLSIdentity.GetIdentity(X509Certificate2Collection) method, but that is the only one. The limitation here is for asking Couchbase Lite to perform cert / key storage on the user's behalf, whereas this method is for using a cert and key that they manage themselves.

In order to be able to fully use the TLSIdentity class, you must perform a series of steps. Without these steps the only API available will be TLSIdentity.GetIdentity(X509Certificate2Collection). To use the rest of the API, you must:


* sign the app (even for iOS simulator)

* include an Entitlements.plist file containing the following:
+
[source,xml]
----
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
</array>
</dict>
</plist>
----

* Include the following in your `csproj`:
+
[source,xml]
----
<CodesignProvision>Automatic</CodesignProvision>
<EnableCodeSigning>true</EnableCodeSigning>
----

* You may also require the following for iOS simulator targets to disable signature verification at build time:
+
[source,xml]
----
<_RequireCodeSigning>false</_RequireCodeSigning>
----

==== TLS connections with Android

Due to .NET runtime limitations
(issues https://github.com/dotnet/runtime/issues/45741[45741] and https://github.com/dotnet/runtime/issues/84202[84202])
any TLS connection that is not trusted by the underlying Android OS will be rejected for connection.
This means that self signed and pinned certificates will not work.

You can work around this in part by using https://developer.android.com/training/articles/security-config[network security config] to add a trust rule for the situation.

However:

* An intermediate pinned certificate will not function on this platform.
Use an exact pinned certificate instead.
* You cannot use dynamically created certs (such as those created using `TLSIdentity.CreateIdentity`) as there is no way to add them to the network security configuration at runtime.


=== Deprecations
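
Review bot: In the `TLSIdentity` section, the first bullet requires signing the app "even for iOS simulator", but the last bullet offers `<_RequireCodeSigning>false</_RequireCodeSigning>` to disable signature verification for simulator targets, and the text does not explain how the two fit together or say that the override must stay out of device and release builds. Suggest a sentence reconciling the two bullets and showing the property applied to simulator targets only. In the Android section, the network security config workaround should advise limiting the added trust rule to the specific host the app connects to rather than the whole app, and "exact pinned certificate" would be clearer if it named which certificate in the chain is meant. Minor: bullet capitalisation is inconsistent ("sign the app", "include an" versus "Include the following"), and "self signed" should be hyphenated.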
