When <domain-config ...> is used in network_security_config.xml then all calls to _internalTrustManager.CheckServerTrusted (javaChain, authType); will throw an exception and we will always pass SslPolicyErrors.RemoteCertificateChainErrors to the custom server certificate validation callback. To fix this, it is necessary to use hostname-specific certificate check via X509TrustManagerExtensions.
Related to https://github.com/dotnet/runtime/issues/107695
When
<domain-config ...>
is used innetwork_security_config.xml
then all calls to_internalTrustManager.CheckServerTrusted (javaChain, authType);
will throw an exception and we will always passSslPolicyErrors.RemoteCertificateChainErrors
to the custom server certificate validation callback. To fix this, it is necessary to use hostname-specific certificate check viaX509TrustManagerExtensions
.