Open Alex-Dobrynin opened 4 years ago
same issue here. plugin does not support ECDSA, which is a big issue
Let me see what I can do.
Having the same problem. But I worked around it by setting TLSConfig and SSL Pinning. Not sure why this works.
@alexrainman thank you! do you have any ETA for this? or do you need some help?
Is this iOS only?
> Is this iOS only?

no, it's both
Well, I am facing this issue too, so I have to fix it :)
I cannot reproduce this. I can get https://restcountries.eu/data/ala.svg without any issues as soon as I provide the public key in the TLSConfig.
You can get that server public key running this code in Android:

```csharp
// Requires the Square.OkHttp3 binding (using Square.OkHttp3;).
var hostname = "restcountries.eu";

// The pin below is a placeholder that cannot match, so the call fails and
// OkHttp's pinning-failure exception lists the pins of the server's chain.
var certificatePinner = new Square.OkHttp3.CertificatePinner.Builder()
    .Add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
    .Build();

var client = new OkHttpClient.Builder()
    .CertificatePinner(certificatePinner)
    .Build();

var request = new Request.Builder()
    .Url("https://" + hostname)
    .Build();

var call = client.NewCall(request);
var response = await call.ExecuteAsync();
```
Then provide it in the TLSConfig:
```csharp
readonly HttpClient client = new HttpClient(new NativeMessageHandler(false, new TLSConfig()
{
    Pins = new List<Pin>()
    {
        new Pin()
        {
            Hostname = "restcountries.eu",
            PublicKeys = new string []
            {
                "sha256/wxgZ6Jx5WaNt5zAgUSDnLsK8E5uy+DUumAogHk4P7R8="
            }
        }
    },
    DangerousAcceptAnyServerCertificateValidator = false
})
{
    DisableCaching = true,
    Timeout = new TimeSpan(0, 0, 9)
});
```
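The `sha256/...` value can also be computed directly from a certificate you already hold, including one with an ECDSA key. The following is an added example, not part of the original thread or the plugin's code. It assumes .NET 6 or later (for `PublicKey.ExportSubjectPublicKeyInfo`); `PinDemo`, its helpers and the `pin-demo.example` name are hypothetical, and the certificates are throwaway self-signed ones constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinDemo // hypothetical name, added example
{
    // OkHttp-style pin: "sha256/" + Base64(SHA-256(DER SubjectPublicKeyInfo)).
    // Only the public key is hashed, so no chain building is involved.
    public static string SpkiPin(X509Certificate2 cert)
    {
        byte[] spki = cert.PublicKey.ExportSubjectPublicKeyInfo();
        return "sha256/" + Convert.ToBase64String(SHA256.HashData(spki));
    }

    // True when the certificate's pin is one of the configured pins.
    public static bool IsPinned(X509Certificate2 cert, string[] allowedPins) =>
        Array.IndexOf(allowedPins, SpkiPin(cert)) >= 0;

    // Constructed sample input: a self-signed certificate for the given key.
    static X509Certificate2 SelfSigned(ECDsa key, string cn)
    {
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
    }

    static void Main()
    {
        using ECDsa keyA = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using ECDsa keyB = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using X509Certificate2 first = SelfSigned(keyA, "pin-demo.example");
        using X509Certificate2 reissued = SelfSigned(keyA, "pin-demo.example");
        using X509Certificate2 other = SelfSigned(keyB, "pin-demo.example");

        // Pin the first certificate, then check all three against that pin.
        string[] pins = { SpkiPin(first) };
        Console.WriteLine(pins[0]);
        Console.WriteLine($"same certificate:      {IsPinned(first, pins)}");
        Console.WriteLine($"reissued, same key:    {IsPinned(reissued, pins)}");
        Console.WriteLine($"same name, other key:  {IsPinned(other, pins)}");
    }
}
```

Because the pin covers only the public key, a certificate reissued with the same key still matches, while a certificate for the same name with a different key does not.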
What about iOS? And I provide this handler to FF Image Loading once at app startup, so I need to have a universal approach, because the user may have different images or SVGs from different hosts and from our backend during runtime.
So what I did: I just left the default HTTP client.
It is universal.
You get the Public Key using that trick in Android, then configure TLS for both platforms in your shared code.
Also, I found where the library fails and this is not something I can fix unless I replace this piece of code:

```csharp
if (!chain.Build(root))
{
    errors = SslPolicyErrors.RemoteCertificateChainErrors;
    PinningFailureMessage = FailureMessages.ChainError;
    goto sslErrorVerify;
}
```

With something like this:

```csharp
var valid = chain.ChainElements.Cast<X509ChainElement>().All(x => x.Certificate.Thumbprint == root.Thumbprint);
if (!valid)
{
    errors = SslPolicyErrors.RemoteCertificateChainErrors;
    PinningFailureMessage = FailureMessages.ChainError;
    goto sslErrorVerify;
}
```
chain.Build(root) fails with ECDSA because it is not supported by Mono:
By the way, I have exactly the same use case where I need to share my single HttpClient instance with FFImageLoading but I want to use native handlers to make it faster, so I may apply this fix and release a new version.
> same issue here. plugin does not support ECDSA, which is a big issue

> chain.Build(root) fails with ECDSA because it is not supported by Mono:

but why does the default http client work well?
Because it doesn’t use PublicKey at all.
As I said, use Android to get the server certificate public key, and once you have it, configure modernhttpclient with it for both platforms.
hi,
I have the same problem. Is there any news on the update that fixes this crash?
thank you so much
Also ran into this issue. @alexrainman thanks for the code to discover the public keys! Interestingly enough - for me - this was only crashing on iOS.
Hi @alexrainman Can you estimate when there will be a fix for this in iOS?
Hi @alexrainman, we get this exception all the time, is there an update regarding this issue?
@alexrainman ??
I have been out for most of the year. Still recovering from surgery. But a new revamped version of the plugin will be out soon.
Glad you’re on the mend!! When you do revamp the library, can you make it a .NET MAUI class library project as opposed to the classic xam plugin model?
That's the plan. All my plugins will be out for .NET MAUI
@alexrainman Hope you are feeling well! Happy to hear that a version with fixes will be released soon, we have been waiting for it for quite a long time. A Xamarin.Forms version with this fix will be released as well, right?
Yes, XF will be released in a minor version while .NET MAUI will be a major release.
@alexrainman any update?
When I use modernhttpclient.nativemessagehandler and try to get access through this link: https://restcountries.eu/data/ala.svg I get the exception mentioned in the title of this issue. If I use httpclient without nativemessagehandler it is OK.