Base solution for your next web application
Open Closed

Problem with self-signed Certificate on Xamarin #8613


User avatar
0
fabiovalerio created

Hi to all, I'm facing the annoying problem of certificate not trusted because it is a self-signed cert, while running Android app!

I found a workaround on the web (following this article: https://docs.microsoft.com/it-it/xamarin/cross-platform/deploy-test/connect-to-local-web-services) simply override ServerCertificateCustomValidationCallback property of NativeMessageHandler instance passed to AuthenticationHttpHandler inside ModernHttpClientFactory

But this kind of solution doesn't work as aspected, because the ServerCertificateCustomValidationCallback never call!

Googling more, I've encounterented ModernHttpClient Git repository that is apparently not supported anymore, and it's replaced by Paid version, that has a specific management for handlilng Untrusted certs.

How I can resolve this issue, without editing a lot of ANZ Solution's CodeBase.

This is significantly urgent for us! Many thanks!


5 Answer(s)
  • User Avatar
    0
    fabiovalerio created

    As Workaround I edited ModernHttpClientFactory.cs as following:

     
             public override HttpMessageHandler CreateMessageHandler()
             {
    -            return new AuthenticationHttpHandler(new NativeMessageHandler
    +            return new AuthenticationHttpHandler(new HttpClientHandler
                 {
    -                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
    +                AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate,
    +                ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
    +                {
    +                    if (cert.Issuer.Equals("CN=localhost"))
    +                        return true;
    +                    return errors == System.Net.Security.SslPolicyErrors.None;
    +                }
                 })
                 {
                     OnSessionTimeOut = OnSessionTimeOut,
    ``
    
  • User Avatar
    0
    maliming created
    Support Team

    I think your approach is correct, you can return true directly during development.

  • User Avatar
    0
    fabiovalerio created

    Hi @maliming, thanks for your reply.

    Not only returning true was the fix, either replacing NativeMessageHandler with HttpClientHandler was the real trick!

    Maybe ModernHttpClient's class implementation avoid calling ServerCertificateCustomValidationCallback!

    If there are no controindications, I suggest to apply this fix in the ANZ codebase!

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @fabiovalerio

    Yes, we can also apply this to AspNet Zero.

    Thanks,

  • User Avatar
    0
    alper created
    Support Team

    This has been fixed!

    • Issue => https://github.com/aspnetzero/aspnet-zero-core/issues/3014
    • Changed files => https://github.com/aspnetzero/aspnet-zero-core/pull/3044/files