reduce certificate allocations

src/MySqlConnector/Serialization/ConnectionSettings.cs

@@ -1,9 +1,6 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.IO;
 using System.Runtime.InteropServices;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
 using MySql.Data.MySqlClient;
 
 namespace MySql.Data.Serialization
@@ -34,19 +31,8 @@ public ConnectionSettings(MySqlConnectionStringBuilder csb)
 
 			// SSL/TLS Options
 			SslMode = csb.SslMode;
-			if (SslMode != MySqlSslMode.None)
-			{
-				try
-				{
-					Certificate = new X509Certificate2(csb.CertificateFile, csb.CertificatePassword);
-				}
-				catch (CryptographicException ex)
-				{
-					if (!File.Exists(csb.CertificateFile))
-						throw new MySqlException("Cannot find SSL Certificate File", ex);
-					throw new MySqlException("Either the SSL Certificate Password is incorrect or the SSL Certificate File is invalid", ex);
-				}
-			}
+			CertificateFile = csb.CertificateFile;
+			CertificatePassword = csb.CertificatePassword;
 
 			// Connection Pooling Options
 			Pooling = csb.Pooling;
@@ -83,7 +69,8 @@ private ConnectionSettings(ConnectionSettings other, bool? useCompression)
 
 			// SSL/TLS Options
 			SslMode = other.SslMode;
-			Certificate = other.Certificate;
+			CertificateFile = other.CertificateFile;
+			CertificatePassword = other.CertificatePassword;
 
 			// Connection Pooling Options
 			Pooling = other.Pooling;
@@ -114,7 +101,8 @@ private ConnectionSettings(ConnectionSettings other, bool? useCompression)
 
 		// SSL/TLS Options
 		internal readonly MySqlSslMode SslMode;
-		internal readonly X509Certificate2 Certificate;
+		internal readonly string CertificateFile;
+		internal readonly string CertificatePassword;
 
 		// Connection Pooling Options
 		internal readonly bool Pooling;
@@ -134,3 +122,4 @@ private ConnectionSettings(ConnectionSettings other, bool? useCompression)
 	}
 
 }
+

src/MySqlConnector/Serialization/MySqlSession.cs

@@ -5,6 +5,7 @@
 using System.Net.Sockets;
 using System.Runtime.InteropServices;
 using System.Security.Authentication;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
@@ -299,6 +300,18 @@ private async Task<bool> OpenUnixSocketAsync(ConnectionSettings cs, IOBehavior i
 
 		private async Task InitSslAsync(ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
 		{
+			X509Certificate2 certificate;
+			try
+			{
+				certificate = new X509Certificate2(cs.CertificateFile, cs.CertificatePassword);
+			}
+			catch (CryptographicException ex)
+			{
+				if (!File.Exists(cs.CertificateFile))
+					throw new MySqlException("Cannot find SSL Certificate File", ex);
+				throw new MySqlException("Either the SSL Certificate Password is incorrect or the SSL Certificate File is invalid", ex);
+			}
+
 			Func<object, string, X509CertificateCollection, X509Certificate, string[], X509Certificate> localCertificateCb =
 				(lcbSender, lcbTargetHost, lcbLocalCertificates, lcbRemoteCertificate, lcbAcceptableIssuers) => lcbLocalCertificates[0];
 
@@ -319,7 +332,7 @@ private async Task InitSslAsync(ConnectionSettings cs, IOBehavior ioBehavior, Ca
 			var sslStream = new SslStream(m_networkStream, false,
 				new RemoteCertificateValidationCallback(remoteCertificateCb),
 				new LocalCertificateSelectionCallback(localCertificateCb));
-			var clientCertificates = new X509CertificateCollection { cs.Certificate };
+			var clientCertificates = new X509CertificateCollection { certificate };
 
 			// SslProtocols.Tls1.2 throws an exception in Windows, see https://github.com/mysql-net/MySqlConnector/pull/101
 			var sslProtocols = SslProtocols.Tls | SslProtocols.Tls11;