Skip to content

Commit e0ff1a1

Browse files
jeffhandleyjeffhandley
authored
Add known issue for Certificate Issues on macOS 15 ("Sequoia") (#9504)
1 parent 04942b9 commit e0ff1a1

File tree

3 files changed

+68
-0
lines changed

3 files changed

+68
-0
lines changed

release-notes/6.0/known-issues.md

+20
Original file line numberDiff line numberDiff line change
@@ -190,3 +190,23 @@ This happened because WPF builds in 6.0.7 onwards, only considered source genera
190190
</ItemGroup>
191191
</Target>
192192
```
193+
194+
## Certificate Issues on macOS 15 ("Sequoia")
195+
196+
### Summary
197+
198+
The `CopyWithPrivateKey` methods that combine a certificate with its associated private key fail on macOS 15 when using in-memory (ephemeral) keys. This failure is most commonly seen when creating new certificates via `CertificateRequest.CreateSelfSigned` or when loading a certificate and key from a PEM file (or files) with `X509Certificate2.CreateFromPem`, which utilize the affected methods.
199+
200+
Callers of these methods on macOS 15 ("Sequoia") will receive a `CryptographicException`, specifically `Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain.` The `dotnet dev-certs https` command relies on `CertificateRequest.CreateSelfSigned` and fails with this error.
201+
202+
This issue is addressed in the upcoming .NET 6.0.34 release, scheduled for release in October 2024.
203+
204+
### Root Cause
205+
206+
macOS 15 uses a different status code to indicate a key is not in a Keychain than prior versions do.
207+
208+
### Workarounds
209+
210+
If you have not already upgraded to macOS 15 from a prior version and use .NET, you are not impacted by this issue. If you are planning to upgrade to macOS 15, the workaround is to upgrade to .NET 6.0.34 (scheduled for October 2024) prior to upgrading to macOS 15.
211+
212+
Loading a certificate and its associated private key from a PKCS#12/PFX are not affected. If you are using an application that supports loading a certificate (and associated private key) by either PFX or PEM, converting your PEM contents to PFX - and updating configuration appropriately - may unblock you.

release-notes/8.0/known-issues.md

+20
Original file line numberDiff line numberDiff line change
@@ -15,3 +15,23 @@ Some analyzers and source generators that ship with the SDK took a dependency on
1515
1. Use 17.10 which matches the 8.0.2xx SDK
1616
2. Install the 8.0.1xx SDK and use global.json to pin to it if you have multiple SDKs installed
1717
3. Set BuildWithNetFrameworkHostedCompiler=true in your build. This configures the build to use a matching version of the compiler to your SDK version rather than to your VS version so in this case, it'll use a 4.10 version of Roslyn.
18+
19+
## Certificate Issues on macOS 15 ("Sequoia")
20+
21+
### Summary
22+
23+
The `CopyWithPrivateKey` methods that combine a certificate with its associated private key fail on macOS 15 when using in-memory (ephemeral) keys. This failure is most commonly seen when creating new certificates via `CertificateRequest.CreateSelfSigned` or when loading a certificate and key from a PEM file (or files) with `X509Certificate2.CreateFromPem`, which utilize the affected methods.
24+
25+
Callers of these methods on macOS 15 ("Sequoia") will receive a `CryptographicException`, specifically `Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain.` The `dotnet dev-certs https` command relies on `CertificateRequest.CreateSelfSigned` and fails with this error.
26+
27+
This issue is addressed in the upcoming .NET 6.0.34 release, scheduled for release in October 2024.
28+
29+
### Root Cause
30+
31+
macOS 15 uses a different status code to indicate a key is not in a Keychain than prior versions do.
32+
33+
### Workarounds
34+
35+
If you have not already upgraded to macOS 15 from a prior version and use .NET, you are not impacted by this issue. If you are planning to upgrade to macOS 15, the workaround is to upgrade to .NET 6.0.34 (scheduled for October 2024) prior to upgrading to macOS 15.
36+
37+
Loading a certificate and its associated private key from a PKCS#12/PFX are not affected. If you are using an application that supports loading a certificate (and associated private key) by either PFX or PEM, converting your PEM contents to PFX - and updating configuration appropriately - may unblock you.

release-notes/9.0/known-issues.md

+28
Original file line numberDiff line numberDiff line change
@@ -54,3 +54,31 @@ NETSDK1060 Error reading assets file: Error loading lock file '...\obj\project.a
5454
To target .NET 9 from Visual Studio, .NET SDK requires the use of Visual Studio 17.12 Preview 2.0 or higher.
5555

5656
An **upcoming Visual Studio 17.11.x** release will restore support for targeting .NET 8 and lower using .NET SDK 9.0.100. A [workaround that can be temporarily checked into affected repositories](https://github.com/dotnet/sdk/issues/43339#issuecomment-2344233994) is available.
57+
58+
## Certificate Issues on macOS 15 ("Sequoia")
59+
60+
### Summary
61+
62+
The `CopyWithPrivateKey` methods that combine a certificate with its associated private key fail on macOS 15 when using in-memory (ephemeral) keys. This failure is most commonly seen when creating new certificates via `CertificateRequest.CreateSelfSigned` or when loading a certificate and key from a PEM file (or files) with `X509Certificate2.CreateFromPem`, which utilize the affected methods.
63+
64+
Callers of these methods on macOS 15 ("Sequoia") will receive a `CryptographicException`, specifically `Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain.` The `dotnet dev-certs https` command relies on `CertificateRequest.CreateSelfSigned` and fails with this error.
65+
66+
## Certificate Issues on macOS 15 ("Sequoia")
67+
68+
### Summary
69+
70+
The `CopyWithPrivateKey` methods that combine a certificate with its associated private key fail on macOS 15 when using in-memory (ephemeral) keys. This failure is most commonly seen when creating new certificates via `CertificateRequest.CreateSelfSigned` or when loading a certificate and key from a PEM file (or files) with `X509Certificate2.CreateFromPem`, which utilize the affected methods.
71+
72+
Callers of these methods on macOS 15 ("Sequoia") will receive a `CryptographicException`, specifically `Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain.` The `dotnet dev-certs https` command relies on `CertificateRequest.CreateSelfSigned` and fails with this error.
73+
74+
This issue is addressed in the upcoming .NET 6.0.34 release, scheduled for release in October 2024.
75+
76+
### Root Cause
77+
78+
macOS 15 uses a different status code to indicate a key is not in a Keychain than prior versions do.
79+
80+
### Workarounds
81+
82+
If you have not already upgraded to macOS 15 from a prior version and use .NET, you are not impacted by this issue. If you are planning to upgrade to macOS 15, the workaround is to upgrade to .NET 6.0.34 (scheduled for October 2024) prior to upgrading to macOS 15.
83+
84+
Loading a certificate and its associated private key from a PKCS#12/PFX are not affected. If you are using an application that supports loading a certificate (and associated private key) by either PFX or PEM, converting your PEM contents to PFX - and updating configuration appropriately - may unblock you.

0 commit comments

Comments
 (0)