locked
.NET Framework 4.6 and X509Certificate brakes all our builds RRS feed

  • Question

  • We are in process of upgrading our projects to .NET Framework 4.6. It looks like some classes in X509Certificates namespaces are now disposable (X509Certificate, X509Store, X509Chain). And since we run code analysis on all our builds and we have "Treat warnings as errors", all our builds are broken.

    Monday, November 2, 2015 4:23 PM

All replies

  • Hi Alex,

    >> It looks like some classes in X509Certificates namespaces are now disposable (X509Certificate, X509Store, X509Chain).

    No, we can check from MSDN documents(X509Certificate, X509Store, X509Chain). All of them are support

    NET Framework 4.6 and 4.5. So it's not out of date.

    >>And since we run code analysis on all our builds and we have "Treat warnings as errors", all our builds are broken.

    Since you used .NET Framework 4.6, I would suggest you recreate your projects and use the latest version (VS2015+.Net Framework4.6) to test again.

    Please also note your App.config file, here is what I tested.

    <configuration>
        <startup> 
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
        </startup>
    </configuration>

    Best regards,

    Kristin


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by Kristin Xie Friday, November 20, 2015 9:50 AM
    • Unproposed as answer by Alex V. Ivanoff Friday, November 20, 2015 4:12 PM
    Tuesday, November 3, 2015 2:37 AM
  • You misread my question. in .NET Framework 4.5 and earlier X509Certificate and friends were not disposable, in .NET 4.6 they are, which now triggers CA2000:DisposeObjectsBeforeLosingScope FxCop rule.
    Friday, November 20, 2015 4:16 PM
  • They need to release unmanaged resource (i.e.: resources that are not native to .NET framework) so they're implementing that. If you don't want it to be dispose, just create a reference to hold it and it'll live as long as your object lives.

    In many cases, holding it with private variable in the class is enough. And for WinForm applications that you'll create it exactly once and reuse it, it could be good idea to hold it in a static field / variable. Using readonly could be nice too.

    (Note, don't use it as static if the value is not intend to be the same across different user requests. Always use private non-static member to read/write value to session when need to stored security related information in class on web.)

    Monday, November 23, 2015 3:03 AM
    Answerer
  • Ok, I will try to say it different way. By making X509Certificate class and friends disposable in .NET Framework 4.6 Microsoft introduced a breaking change: https://msdn.microsoft.com/en-us/library/ms182172.aspx.

    Monday, November 23, 2015 3:23 AM
  • The error pretty much explains itself. Since you're using X509Certificate that implements IDisposible, your classes that uses it and store it in field(s) have to implement IDisposible to .Dispose() it in .Dispose() method of the container class too.

    So what is the problem?

    Monday, November 23, 2015 3:34 AM
    Answerer
  • The problem is that in .NET Framework 4.5 and earlier there was no error (X509Certificate was not disposable), and in 4.6 there is (X509Certificate is disposable). Hence the breaking change. Do you not see the problem?
    Monday, November 23, 2015 6:14 AM
  • I don't see there is serious problem. The classes which need to fix is well defined, and fix merely involves copy and paste the fixing code from your linked page only.

    This is much much easier to fix than the EnableViewstateMac change introduced in v4.5.1 to v4.5.2 which requires each page broken be assessed individually, and there's no indicator from code to indicate which page will break.

    Note that runtime upgrades will break code.


    Monday, November 23, 2015 11:40 AM
    Answerer