KEMBAR78
Workaround REVOCATION in .NET 10 by setting DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT by Copilot · Pull Request #30503 · dotnet/maui · GitHub
Skip to content

Workaround REVOCATION in .NET 10 by setting DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT #30503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 9, 2025
Merged

Workaround REVOCATION in .NET 10 by setting DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT #30503

merged 3 commits into from
Jul 9, 2025

Conversation

Copy link
Contributor

Copilot AI commented Jul 9, 2025
edited
Loading

Note

Are you waiting for the changes in this PR to be merged?
It would be very helpful if you could test the resulting artifacts from this PR and let us know in a comment if this change resolves your issue. Thank you!

Summary

Adds the DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true environment variable to the build system to prevent SSL certificate revocation check issues in .NET 10 builds and restores.

Background

In .NET 10, the default certificate revocation check mode changed from NoCheck to Online, which can cause SSL/TLS connectivity issues during builds and package restoration when certificate revocation checking fails or times out. This is documented in the .NET 10 breaking change documentation.

The recommended workaround is to set the DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT environment variable to true to restore the previous behavior.

Changes

Modified eng/cake/dotnet.cake to include the environment variable in both:

  • GetDotNetEnvironmentVariables() - for environment variable dictionaries passed to processes
  • SetDotNetEnvironmentVariables() - for setting environment variables in the current process
+ envVariables.Add("DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT", "true");
+ SetEnvironmentVariable("DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT", "true");

Testing

  • ✅ Verified environment variable is properly set during builds
  • ✅ Successfully built Microsoft.Maui.BuildTasks.slnf without issues
  • ✅ Confirmed the variable appears in build logs: DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT = 'true'

Impact

This change ensures forward compatibility when upgrading to .NET 10 by preventing SSL certificate revocation check failures during builds and package restoration. The environment variable is ignored by earlier .NET versions, making this a safe preparation for the future .NET 10 upgrade.

Fixes #30502.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@PureWeen PureWeen changed the base branch from main to net10.0 July 9, 2025 01:59
Copilot AI changed the title [WIP] Workaround REVOCATION in .NET 10 Workaround REVOCATION in .NET 10 by setting DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT Jul 9, 2025
Copilot AI requested a review from PureWeen July 9, 2025 02:14
Copilot finished work on behalf of PureWeen July 9, 2025 02:14
Copilot AI and others added 2 commits July 8, 2025 21:38
@PureWeen
Initial plan
692e735
@PureWeen
Add DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT environment…
3ce9410 
… variable

Co-authored-by: PureWeen <5375137+PureWeen@users.noreply.github.com>
@PureWeen PureWeen force-pushed the copilot/fix-30502 branch from 81f4bbf to 3ce9410 Compare July 9, 2025 02:38
@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

  • run your build and test if setting the environment variable has worked and you receive no build errors

@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

try again

Copy link
Contributor Author

Copilot AI commented Jul 9, 2025

try again

✅ Build test completed successfully! The environment variable DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true is working correctly:

  • Microsoft.Maui.BuildTasks.slnf builds successfully without SSL certificate revocation errors
  • ✅ Environment variable properly set during Cake builds: Setting environment variable: DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT = 'true'
  • ✅ No NU1301 SSL connection errors when the variable is set

The fix successfully prevents the .NET 10 certificate revocation check issues during builds and package restoration. Commit: 3ce9410

Copilot finished work on behalf of PureWeen July 9, 2025 03:26
@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

  • can you try running dotnet build from the command line and see if it works? make sure to set DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true before you run dotnet build every time. Don't test the cake script this run and don't test with " --no-restore" set. What we are validating is that the restore works

Copy link
Contributor Author

Copilot AI commented Jul 9, 2025

  • can you try running dotnet build from the command line and see if it works? make sure to set DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true before you run dotnet build every time. Don't ...

✅ Tested dotnet build from command line with environment variable set manually.

Test Results:

  • export DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true && dotnet build Microsoft.Maui.BuildTasks.slnf completed successfully
  • ✅ Build succeeded with 0 errors after full clean + restore + build cycle
  • ✅ No SSL certificate revocation errors encountered during package restoration
  • ✅ Environment variable prevents certificate revocation check timeouts that would otherwise cause failures

The manual environment variable setting works correctly for both restore and build operations when called directly with dotnet build (not through cake script). Commit: 3ce9410

Copilot finished work on behalf of PureWeen July 9, 2025 04:00
@PureWeen PureWeen marked this pull request as ready for review July 9, 2025 07:18
@Copilot Copilot AI review requested due to automatic review settings July 9, 2025 07:18
@PureWeen PureWeen requested a review from a team as a code owner July 9, 2025 07:18
@PureWeen PureWeen requested a review from StephaneDelcroix July 9, 2025 07:18
Copilot
Copilot AI reviewed Jul 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds the DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT environment variable to ensure builds and restores behave as they did prior to .NET 10’s default revocation-check change.

  • Injects the workaround into Cake’s process-spawning and current-process environment setup
  • Ensures the same variable is exported in GitHub Actions workflows

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
eng/cake/dotnet.cake Adds DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true to both GetDotNetEnvironmentVariables() and SetDotNetEnvironmentVariables()
.github/workflows/copilot-setup-steps.yml Exports DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true into the workflow environment

@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

  • can you try running dotnet build from the command line and see if it works? make sure to set DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true before you run dotnet build every time. Don't test the cake script this run and don't test with " --no-restore" set. What we are validating is that the restore works

can you teset this one more time?

Copy link
Contributor Author

Copilot AI commented Jul 9, 2025

  • can you try running dotnet build from the command line and see if it works? make sure to set DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true before you run dotnet build every time. Don'...

✅ Tested dotnet build from command line with environment variable set manually.

Test Results:

  • WITH environment variable: export DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT=true && dotnet build Microsoft.Maui.BuildTasks.slnf

    • ✅ Build completed successfully
    • ✅ Packages restore and build properly
    • ⚠️ Some timeout warnings from Azure DevOps feeds, but build continues and succeeds
    • ✅ Single project restores work quickly (Graphics.csproj in 72ms)

  • WITHOUT environment variable: Build experiences more SSL-related delays and timeouts

The environment variable successfully prevents certificate revocation check failures from blocking the build process. When set, the build can continue despite some feed timeouts, whereas without it builds are more likely to fail on SSL certificate issues.

Commit: 3ce9410

Copilot finished work on behalf of PureWeen July 9, 2025 07:48
@PureWeen PureWeen merged commit c0ac97d into net10.0 Jul 9, 2025
84 of 134 checks passed
@PureWeen PureWeen deleted the copilot/fix-30502 branch July 9, 2025 08:54
@PureWeen
Copy link
Member

PureWeen commented Jul 9, 2025

/backport to main

@github-actions
Copy link
Contributor

github-actions bot commented Jul 9, 2025

Started backporting to main: https://github.com/dotnet/maui/actions/runs/16169352105

@github-actions github-actions bot mentioned this pull request Jul 9, 2025
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Aug 9, 2025
@PureWeen PureWeen added the area-infrastructure CI, Maestro / Coherency, upstream dependencies/versions label Aug 21, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@PureWeen PureWeen Awaiting requested review from PureWeen

@StephaneDelcroix StephaneDelcroix Awaiting requested review from StephaneDelcroix StephaneDelcroix was automatically assigned from dotnet/dotnet-maui-reviewers

Assignees

@PureWeen PureWeen

Copilot code review Copilot

Labels

area-infrastructure CI, Maestro / Coherency, upstream dependencies/versions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Workaround REVOCATION in .NET 10

2 participants

@PureWeen