other/BitBetter
1
0
Fork 0
mirror of https://github.com/jakeswenson/BitBetter.git synced 2026-06-04 02:23:39 +00:00
Code Issues Projects Releases Wiki Activity

Update to .NET 10.0 and fix certificate validation for Bitwarden server 2026.5.0 (#282)

Browse Source 
* Update to .NET 10.0 for Bitwarden server 2026.5.0 compatibility

Bitwarden server 2026.5.0 ships with .NET 10.0 runtime only, breaking
the fast-patch build. This commit updates all .NET projects and build
pipelines to target net10.0 and the dotnet/sdk:10.0 image.

Additionally:
- Replace obsolete X509Certificate2(byte[]) constructors with
  X509CertificateLoader.LoadCertificate() / LoadPkcs12FromFile()
  to resolve SYSLIB0057 warnings introduced in .NET 9/10
- Add -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 to
  generate-keys.sh PKCS#12 export, fixing OpenSSL 3.x errors caused
  by the deprecated RC2-40-CBC legacy algorithm
- Update FixRuntimeConfig fallback framework version to 10.0.0

Fixes #281

Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>

* Fix certificate validation by replacing all thumbprint occurrences

Bitwarden's LicensingService performs two validation checks:
1. Validates _creationCertificate thumbprint
2. Validates all certificates in _verificationCertificates

The thumbprint constants are inlined at compile time, creating multiple
Ldstr instructions in the IL code. The patcher was only replacing the
first occurrence, causing the second validation to fail with:
'Invalid license verifying certificate.'

This fix replaces ALL occurrences of the old thumbprint to ensure both
validation checks pass.

Fixes runtime error: 'Invalid license verifying certificate'

---------

Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
Co-authored-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
This commit is contained in:
Pascal Pothmann
2026-06-03 21:57:45 +02:00
committed by GitHub
parent 9962717481
commit 8def331bb6
9 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.keys/generate-keys.sh
View File

@@ -15,6 +15,6 @@ DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /us
# Generate new keys
openssl req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cert" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test
openssl x509 -inform DER -in "$DIR/cert.cert" -out "$DIR/cert.pem"
openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test
openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256
ls