.NET 10 build fixes

.github/actions/build/action.yml

@@ -16,6 +16,11 @@ inputs:
     default: "ice.proj"
     type: string
 
+  msbuild_command:
+    description: "The msbuild command to use"
+    default: "msbuild /m"
+    type: string
+
   build_cpp_and_python:
     description: "Build C++ and Python"
     type: choice
@@ -67,6 +72,6 @@ runs:
 
     - name: Build
       working-directory: ${{ inputs.working_directory }}
-      run: msbuild /m ${{ inputs.build_flags }} ${{ inputs.msbuild_project }}
+      run: ${{ inputs.msbuild_command }} ${{ inputs.build_flags }} ${{ inputs.msbuild_project }}
       shell: powershell
       if: runner.os == 'Windows'

.github/actions/setup-dotnet/action.yml

@@ -1,8 +1,21 @@
 name: Setup .NET
+
+inputs:
+  include_net10:
+    description: "Include .NET 10"
+    default: "false"
+
 runs:
   using: "composite"
   steps:
     - name: Setup .NET 8
       uses: actions/setup-dotnet@v4
       with:
         dotnet-version: 8.x
+
+    - name: Setup .NET 10
+      if: inputs.include_net10 == 'true'
+      uses: actions/setup-dotnet@v4
+      with:
+        quality: preview
+        dotnet-version: 10.x

.github/workflows/ci.yml

@@ -110,6 +110,31 @@ jobs:
             build_cpp_and_python: true
             build_android_controller: true
 
+          # .NET 10.0
+          - os: ubuntu-24.04
+            config: ".NET10"
+            working_directory: "csharp"
+            net_target_framework: "net10.0"
+            test_flags: "--target-framework=net10.0"
+            build_cpp_and_python: true
+
+          - os: windows-2025
+            config: ".NET10"
+            working_directory: "csharp"
+            msbuild_command: "dotnet msbuild"
+            build_flags: "/p:Platform=x64"
+            msbuild_project: "msbuild/ice.proj"
+            net_target_framework: "net10.0"
+            test_flags: "--target-framework=net10.0"
+            build_cpp_and_python: true
+
+          - os: macos-26
+            config: ".NET10"
+            working_directory: "csharp"
+            net_target_framework: "net10.0"
+            test_flags: "--target-framework=net10.0"
+            build_cpp_and_python: true
+
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout repository
@@ -133,6 +158,8 @@ jobs:
 
       - name: Setup .NET
         uses: ./.github/actions/setup-dotnet
+        with:
+          include_net10: ${{ matrix.net_target_framework == 'net10.0' }}
 
       - name: Setup Java
         uses: ./.github/actions/setup-java
@@ -179,6 +206,12 @@ jobs:
           echo "EnableAnalysis=true" >> $env:GITHUB_ENV
         shell: pwsh
 
+      - name: .NET Target Framework
+        if: matrix.net_target_framework == 'net10.0'
+        run: |
+          echo "AppTargetFramework=net10.0" >> $env:GITHUB_ENV
+        shell: pwsh
+
       - name: Build ${{ matrix.config }} on ${{ matrix.os }}
         uses: ./.github/actions/build
         timeout-minutes: 90
@@ -187,6 +220,7 @@ jobs:
           build_cpp_and_python: ${{ matrix.build_cpp_and_python || false }}
           build_android_controller: ${{ matrix.build_android_controller || false }}
           build_flags: ${{ matrix.build_flags || '' }}
+          msbuild_command: ${{ matrix.msbuild_command || 'msbuild /m' }}
           msbuild_project: ${{ matrix.msbuild_project || 'ice.proj' }}
 
       - name: Install testing dependencies from pip

csharp/msbuild/CodeAnalysis.Src.globalconfig

@@ -1,9 +1,6 @@
 global_level = 110
 is_global = true
 
-# CA1515: Because an application's API isn't typically referenced from outside the assembly, types can be made internal
-dotnet_diagnostic.CA1515.severity = none
-
 # CA1849: Call async methods when in an async method
 dotnet_diagnostic.CA1849.severity = none
 

csharp/msbuild/CodeAnalysis.Tests.globalconfig

@@ -32,3 +32,6 @@ dotnet_diagnostic.CA1016.severity = none
 
 # CA2008: Do not create tasks without passing a TaskScheduler
 dotnet_diagnostic.CA2008.severity = none
+
+# CA1515: Because an application's API isn't typically referenced from outside the assembly, types can be made internal
+dotnet_diagnostic.CA1515.severity = none

csharp/src/Ice/Ice.csproj

@@ -31,4 +31,9 @@
     <Content Include="@(SliceCompile)" Pack="true" PackagePath="/slice/Ice"/>
     <Content Include="ZeroC.Ice.props" Pack="true" PackagePath="buildTransitive/" />
   </ItemGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.*" />
+  </ItemGroup>
 </Project>

csharp/src/Ice/SSL/SSLEngine.cs

@@ -58,7 +58,7 @@ internal void initialize()
         // If IceSSL.CertFile is defined, load a certificate from a file and add it to the collection.
         _certs = [];
         string certFile = properties.getIceProperty("IceSSL.CertFile");
-        string passwordStr = properties.getIceProperty("IceSSL.Password");
+        string password = properties.getIceProperty("IceSSL.Password");
         string findCert = properties.getIceProperty("IceSSL.FindCert");
 
         if (certFile.Length > 0)
@@ -81,15 +81,10 @@ internal void initialize()
                     importFlags = X509KeyStorageFlags.UserKeySet;
                 }
 
-                if (passwordStr.Length > 0)
-                {
-                    using SecureString password = createSecureString(passwordStr);
-                    cert = new X509Certificate2(certFile, password, importFlags);
-                }
-                else
-                {
-                    cert = new X509Certificate2(certFile, (string)null, importFlags);
-                }
+                cert = X509CertificateLoader.LoadPkcs12FromFile(
+                    certFile,
+                    password.Length > 0 ? password : null,
+                    importFlags | X509KeyStorageFlags.Exportable);
                 _certs.Add(cert);
             }
             catch (CryptographicException ex)
@@ -137,8 +132,8 @@ internal void initialize()
 
                 if (_caCerts.Count == 0)
                 {
-                    // Fallback to Import which handles DER/PFX.
-                    _caCerts.Import(certAuthFile);
+                    // Fallback to LoadCertificateFromFile loads a single certificate in either DER or PEM format.
+                    _caCerts.Add(X509CertificateLoader.LoadCertificateFromFile(certAuthFile));
                 }
             }
             catch (Exception ex)
@@ -175,9 +170,7 @@ internal void traceStream(SslStream stream, string connInfo)
         s.Append("\nencrypted = " + (stream.IsEncrypted ? "yes" : "no"));
         s.Append("\nsigned = " + (stream.IsSigned ? "yes" : "no"));
         s.Append("\nmutually authenticated = " + (stream.IsMutuallyAuthenticated ? "yes" : "no"));
-        s.Append("\nhash algorithm = " + stream.HashAlgorithm + "/" + stream.HashStrength);
-        s.Append("\ncipher algorithm = " + stream.CipherAlgorithm + "/" + stream.CipherStrength);
-        s.Append("\nkey exchange algorithm = " + stream.KeyExchangeAlgorithm + "/" + stream.KeyExchangeStrength);
+        s.Append("\ncipher = " + stream.NegotiatedCipherSuite);
         s.Append("\nprotocol = " + stream.SslProtocol);
         _logger.trace(_securityTraceCategory, s.ToString());
     }
@@ -337,7 +330,7 @@ private static X509Certificate2Collection findCertificates(
         {
             try
             {
-                store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), name, true), storeLocation);
+                store = new X509Store(Enum.Parse<StoreName>(name, true), storeLocation);
             }
             catch (ArgumentException)
             {
@@ -500,16 +493,6 @@ private static X509Certificate2Collection findCertificates(
         return result;
     }
 
-    private static SecureString createSecureString(string s)
-    {
-        var result = new SecureString();
-        foreach (char ch in s)
-        {
-            result.AppendChar(ch);
-        }
-        return result;
-    }
-
     private bool checkPath(ref string path)
     {
         if (File.Exists(path))

csharp/src/Ice/SSL/TransceiverI.cs

@@ -53,7 +53,7 @@ public int initialize(Ice.Internal.Buffer readBuffer, Ice.Internal.Buffer writeB
         Debug.Assert(_sslStream.IsAuthenticated);
         _authenticated = true;
 
-        _cipher = _sslStream.CipherAlgorithm.ToString();
+        _cipher = _sslStream.NegotiatedCipherSuite.ToString();
         _instance.verifyPeer((ConnectionInfo)getInfo(_incoming, _adapterName, connectionId: ""), ToString());
 
         if (_instance.securityTraceLevel() >= 1)
@@ -422,7 +422,7 @@ private void finishAuthenticate()
                 // If authentication fails the task throws AuthenticationException.
                 _writeResult.Wait();
                 _verified = true;
-                _cipher = _sslStream.CipherAlgorithm.ToString();
+                _cipher = _sslStream.NegotiatedCipherSuite.ToString();
             }
             catch (AggregateException ex)
             {

csharp/src/Ice/UtilInternal/StringUtil.cs

@@ -693,9 +693,7 @@ public static bool match(string s, string pat, bool emptyMatch)
         //
         // Make sure end of the strings match
         //
-        if (!s[endIndex..].Equals(
-               pat.Substring(beginIndex + 1, pat.Length - beginIndex - 1),
-               StringComparison.Ordinal))
+        if (!s[endIndex..].Equals(pat[(beginIndex + 1)..], StringComparison.Ordinal))
         {
             return false;
         }

csharp/src/iceboxnet/Server.cs

@@ -2,7 +2,7 @@
 
 namespace IceBox;
 
-public static class Server
+internal static class Server
 {
     private static void usage()
     {

csharp/test/IceSSL/configuration/AllTests.cs

@@ -100,8 +100,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
         //
         string caCert1File = defaultDir + "/ca1/ca1_cert.pem";
         string caCert2File = defaultDir + "/ca2/ca2_cert.pem";
-        using var caCert1 = new X509Certificate2(caCert1File);
-        using var caCert2 = new X509Certificate2(caCert2File);
+        using X509Certificate2 caCert1 = X509CertificateLoader.LoadCertificateFromFile(caCert1File);
+        using X509Certificate2 caCert2 = X509CertificateLoader.LoadCertificateFromFile(caCert2File);
 
         var store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
         bool isAdministrator = false;
@@ -268,11 +268,14 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                     ServerPrx server = fact.createServer(d);
                     try
                     {
-                        using var clientCert = new X509Certificate2(defaultDir + "/ca1/client.p12", "password");
+                        using X509Certificate2 clientCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/client.p12", "password");
                         server.checkCert(clientCert.Subject, clientCert.Issuer);
 
-                        using var serverCert = new X509Certificate2(defaultDir + "/ca1/server.p12", "password");
-                        using var caCert = new X509Certificate2(defaultDir + "/ca1/ca1_cert.pem");
+                        using X509Certificate2 serverCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/server.p12", "password");
+                        using X509Certificate2 caCert =
+                            X509CertificateLoader.LoadCertificateFromFile(defaultDir + "/ca1/ca1_cert.pem");
 
                         var info = (Ice.SSL.ConnectionInfo)server.ice_getConnection().getInfo();
                         test(info.certs.Length == 1);
@@ -295,7 +298,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                     server = fact.createServer(d);
                     try
                     {
-                        using var clientCert = new X509Certificate2(defaultDir + "/ca1/client.p12", "password");
+                        using X509Certificate2 clientCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/client.p12", "password");
                         server.checkCert(clientCert.Subject, clientCert.Issuer);
                     }
                     catch (Exception ex)
@@ -1496,7 +1500,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                 {
                     foreach (string certPath in certificates)
                     {
-                        using var cert = new X509Certificate2(defaultDir + certPath, "password", storageFlags);
+                        using X509Certificate2 cert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + certPath, "password", storageFlags);
                         certStore.Add(cert);
                     }
 
@@ -1558,7 +1563,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                 {
                     foreach (string certPath in certificates)
                     {
-                        using var cert = new X509Certificate2(defaultDir + certPath, "password");
+                        using X509Certificate2 cert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + certPath, "password");
                         certStore.Remove(cert);
                     }
                     certStore.Close();