From a68ffbe9aa3f5656a08a51b6a19365d6d799f249 Mon Sep 17 00:00:00 2001
From: Adam McCoy
Date: Mon, 24 Feb 2025 11:31:49 +1100
Subject: [PATCH] Use SslServerAuthenticationOptions where available

---
 source/Halibut/Transport/SecureListener.cs | 27 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/source/Halibut/Transport/SecureListener.cs b/source/Halibut/Transport/SecureListener.cs
index 09ad929e5..34747306c 100644
--- a/source/Halibut/Transport/SecureListener.cs
+++ b/source/Halibut/Transport/SecureListener.cs
@@ -34,7 +34,11 @@ public class SecureListener : IAsyncDisposable
 static extern bool SetHandleInformation(IntPtr hObject, HANDLE_FLAGS dwMask, HANDLE_FLAGS dwFlags);
 readonly IPEndPoint endPoint;
+#if !NET5_0_OR_GREATER
 readonly X509Certificate2 serverCertificate;
+#else
+ readonly SslServerAuthenticationOptions authenticationOptions;
+#endif
 readonly ExchangeProtocolBuilder exchangeProtocolBuilder;
 readonly Predicate verifyClientThumbprint;
 readonly Func unauthorizedClientConnect;
@@ -70,7 +74,20 @@ public SecureListener(
 IConnectionsObserver connectionsObserver)
 {
 this.endPoint = endPoint;
+
+#if !NET5_0_OR_GREATER
 this.serverCertificate = serverCertificate;
+#else
+ var certificateContext = SslStreamCertificateContext.Create(serverCertificate, null);
+ authenticationOptions = new SslServerAuthenticationOptions
+ {
+ ServerCertificateContext = certificateContext,
+ ClientCertificateRequired = true,
+ EnabledSslProtocols = SslConfiguration.SupportedProtocols,
+ CertificateRevocationCheckMode = X509RevocationMode.NoCheck
+ };
+#endif
+
 this.exchangeProtocolBuilder = exchangeProtocolBuilder;
 this.exchangeAction = exchangeAction;
 this.verifyClientThumbprint = verifyClientThumbprint;
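Review bot: `SslStreamCertificateContext.Create(serverCertificate, null)` in the `#else` branch leaves `offline` at its default of `false`, so chain building inside the constructor may try to fetch missing intermediates over the network; if the listener certificate is self-signed and peers are pinned by thumbprint (as `verifyClientThumbprint` suggests), `SslStreamCertificateContext.Create(serverCertificate, null, offline: true)` keeps construction free of outbound I/O. The options object does not set `RemoteCertificateValidationCallback`, so with `ClientCertificateRequired = true` the handshake depends on the callback the `SslStream` is constructed with, which is outside this hunk and worth confirming still runs on this path. A short comment on `CertificateRevocationCheckMode = X509RevocationMode.NoCheck` stating why revocation is skipped, for example `// Peers are authenticated by thumbprint, so chain revocation is not consulted` if that is the reason, would keep a later reader from treating it as an oversight. The constructor body continues outside the hunk.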
@@ -299,11 +316,11 @@ async Task ExecuteRequest(TcpClient client)
 log.Write(EventType.SecurityNegotiation, "Performing TLS server handshake");
 await ssl
- .AuthenticateAsServerAsync(
- serverCertificate,
- true,
- SslConfiguration.SupportedProtocols,
- false)
+#if !NET5_0_OR_GREATER
+ .AuthenticateAsServerAsync(serverCertificate, true, SslConfiguration.SupportedProtocols, false)
+#else
+ .AuthenticateAsServerAsync(authenticationOptions, cancellationToken)
+#endif
 .ConfigureAwait(false);
 log.Write(EventType.SecurityNegotiation, "Secure connection established, client is not yet authenticated, client connected with {0}", ssl.SslProtocol.ToString());
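Review bot: The new `.AuthenticateAsServerAsync(authenticationOptions, cancellationToken)` call can end in `OperationCanceledException`, which the four-argument overload never raised, so the exception handling around the handshake (outside this hunk) should treat cancellation as listener shutdown rather than logging it as a failed TLS negotiation. The two targets also diverge: on the `!NET5_0_OR_GREATER` path a client that stalls mid-handshake is still not bounded by the token, so any limit there has to come from stream or socket timeouts. Where `cancellationToken` is declared is not visible in this hunk. As a style point, the `#if` spliced into the middle of the fluent `await ssl ... .ConfigureAwait(false)` chain is hard to scan; moving both branches into one small private method that returns the handshake `Task` would keep `ExecuteRequest` readable.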