locked
ServerCertificateValidationCallback not getting called RRS feed

  • Question

  • User372654 posted

    Something must have changed recently in an update as I am no longer able to bypass certificate validation using the ServerCertificateValidationCallback delegate. Previously I had a build configuration that auto-enabled the "Managed" HttpClient implementation and a certificate callback so that we could use the 10.0.0.3 local address to talk to a local server for development purposes. This allowed us to use a local CA certificate that is not in Android emulator's trusted root.

    It has been a little while since I needed to do this type of server side debugging so switching to the Local build configuration no longer seems to work. I never get to the callback and instead get a validation error. Anyone know if something specifically changed to be able to bypass the cert verification?

    EXCEPTION: Ssl error:1000007d:SSL routines:OPENSSLinternal:CERTIFICATEVERIFYFAILED at /Users/builder/jenkins/workspace/archive-mono/2019-06/android/release/external/boringssl/ssl/handshakeclient.c:1132

    at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <9e820d206a8d4177b453df9c2fa8d1cc>:0 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <9e820d206a8d4177b453df9c2fa8d1cc>:0 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <9e820d206a8d4177b453df9c2fa8d1cc>:0 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <9e820d206a8d4177b453df9c2fa8d1cc>:0

    Local Build Config in Android Project: <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Local|AnyCPU'"> <DebugSymbols>true</DebugSymbols> <DebugType>full</DebugType> <Optimize>false</Optimize> <OutputPath>bin\Local</OutputPath> <DefineConstants>DEBUG;__LOCAL__;</DefineConstants> <ErrorReport>prompt</ErrorReport> <WarningLevel>4</WarningLevel> <AndroidLinkMode>None</AndroidLinkMode> <AndroidSupportedAbis /> <AndroidHttpClientHandlerType>System.Net.Http.HttpClientHandler</AndroidHttpClientHandlerType> <AndroidLinkTool>r8</AndroidLinkTool> <AndroidDexTool>d8</AndroidDexTool> <AndroidEnableMultiDex>false</AndroidEnableMultiDex> <AndroidEnableSGenConcurrent>true</AndroidEnableSGenConcurrent> <LangVersion>latest</LangVersion> <AndroidTlsProvider> </AndroidTlsProvider> </PropertyGroup>

    MainActivity OnCreate: //if _ LOCAL _ System.Net.ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; //endif

    Tuesday, January 14, 2020 9:21 PM

Answers

  • User372654 posted

    So apparently how you bypass a server certificate has changed since the last time I had used it.

    https://docs.microsoft.com/en-us/xamarin/cross-platform/deploy-test/connect-to-local-web-services

    • Marked as answer by Anonymous Thursday, June 3, 2021 12:00 AM
    Tuesday, January 28, 2020 1:52 PM