Details
-
New Feature
-
Resolution: Unresolved
-
Major
-
3.1.x
-
None
Description
For .NET 6 Couchbase Lite we need a "quirks" section for .NET 6 iOS and Mac Catalyst and a "limitations" section for .NET 6 Android. I leave it up to you as to where to put these, but they are as follows:
.NET 6 iOS and Mac Catalyst Quirks:
In order to be able to use the TLSIdentity class, some Apple entitlements are needed. This means that the app must be signed (even for iOS simulator) and include an Entitlements.plist file containing the following:
<?xml version="1.0" encoding="UTF-8"?>
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
<plist version="1.0">
|
<dict>
|
<key>keychain-access-groups</key>
|
<array>
|
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
|
</array>
|
</dict>
|
</plist>
|
In order to ensure that signing properly takes place, the following should be present in your csproj as well:
<CodesignProvision>Automatic</CodesignProvision>
|
<EnableCodeSigning>true</EnableCodeSigning>
|
The following is usually required for iOS simulator targets to disable signature verification at build time:
<_RequireCodeSigning>false</_RequireCodeSigning>
.NET 6 Android Limitations:
Due to .NET runtime limitations (https://github.com/dotnet/runtime/issues/45741 and https://github.com/dotnet/runtime/issues/84202) any TLS connection that is not trusted by the underlying Android OS will be rejected for connection. This means that self signed and pinned certificates will not work. This can be worked around by using network security config (https://developer.android.com/training/articles/security-config) to add a trust rule for the situation. However, unfortunately this cannot completely solve pinned certificates due to the second issue above. An intermediate pinned certificate will not function on this platform (but an exact pinned certificate will). Furthermore, dynamically created certs (like those created using TLSIdentity.CreateIdentity) will not be usable since there is no way to add them to the network security configuration at runtime.