Problem with self-signed Certificate on Xamarin #8613 | Support Center

fabiovalerio created 4 years ago

Hi to all, I'm facing the annoying problem of certificate not trusted because it is a self-signed cert, while running Android app!

I found a workaround on the web (following this article: https://docs.microsoft.com/it-it/xamarin/cross-platform/deploy-test/connect-to-local-web-services) simply override ServerCertificateCustomValidationCallback property of NativeMessageHandler instance passed to AuthenticationHttpHandler inside ModernHttpClientFactory

But this kind of solution doesn't work as aspected, because the ServerCertificateCustomValidationCallback never call!

Googling more, I've encounterented ModernHttpClient Git repository that is apparently not supported anymore, and it's replaced by Paid version, that has a specific management for handlilng Untrusted certs.

How I can resolve this issue, without editing a lot of ANZ Solution's CodeBase.

This is significantly urgent for us! Many thanks!

5 Answer(s)

fabiovalerio created 4 years ago

As Workaround I edited ModernHttpClientFactory.cs as following:

 
         public override HttpMessageHandler CreateMessageHandler()
         {
-            return new AuthenticationHttpHandler(new NativeMessageHandler
+            return new AuthenticationHttpHandler(new HttpClientHandler
             {
-                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
+                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
+                ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
+                {
+                    if (cert.Issuer.Equals("CN=localhost"))
+                        return true;
+                    return errors == System.Net.Security.SslPolicyErrors.None;
+                }
             })
             {
                 OnSessionTimeOut = OnSessionTimeOut,
``

0

maliming created 4 years ago
Support Team

I think your approach is correct, you can return true directly during development.
0

fabiovalerio created 4 years ago

Hi @maliming, thanks for your reply.

Not only returning true was the fix, either replacing NativeMessageHandler with HttpClientHandler was the real trick!

Maybe ModernHttpClient's class implementation avoid calling ServerCertificateCustomValidationCallback!

If there are no controindications, I suggest to apply this fix in the ANZ codebase!
0

ismcagdas created 4 years ago
Support Team

Hi @fabiovalerio

Yes, we can also apply this to AspNet Zero.

Thanks,
0
alper created 4 years ago
Support Team
This has been fixed!

Issue => https://github.com/aspnetzero/aspnet-zero-core/issues/3014

Changed files => https://github.com/aspnetzero/aspnet-zero-core/pull/3044/files

Have an answer to this question? Log in and write your answer.