dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License

SslStream authentication failing in .NET MAUI Android app whereas same is working in Xamarin.Forms #109641

Open VenkataReddyDesiReddy opened 2 weeks ago

VenkataReddyDesiReddy commented 2 weeks ago

Description

I have connected to Controller via WiFi from .NET MAUI Android app and TLS is enabled in connected Controller.

From the .NET MAUI Android project, I am trying to authenticate the SslStream with the code below:

    SslStream _secureStream = new SslStream(
        new TcpClient().GetStream(),
        false,
        new RemoteCertificateValidationCallback(ValidateServerCertificate),
        null);
    _secureStream.AuthenticateAsClient(serverName); // serverName is the certificate name here

While authenticating, it throws the exception below:

    System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
     ---> Interop+AndroidCrypto+SslException: Exception of type 'Interop+AndroidCrypto+SslException' was thrown.
       at Interop.AndroidCrypto.SSLStreamSetTargetHost(SafeSslHandle sslHandle, String targetHost)
       at System.Net.SafeDeleteSslContext.InitializeSslContext(SafeSslHandle handle, SslAuthenticationOptions authOptions)
       at System.Net.SafeDeleteSslContext..ctor(SslAuthenticationOptions authOptions)
       at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
       --- End of inner exception stack trace ---
       at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__150`1[[System.Net.Security.SyncReadWriteAdapter, System.Net.Security, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
       at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)

Steps to Reproduce

No response

Link to public reproduction project repository

No response

Version with bug

9.0.0-rc.2.24503.2

Is this a regression from previous behavior?

Yes, this used to work in Xamarin.Forms

Last version that worked well

Unknown/Other

Affected platforms

Android

Affected platform versions

Android all versions

Did you find any workaround?

No response

Relevant log output

No response

Zhanglirong-Winnie commented 2 weeks ago

Can you provide us with a sample project and detailed reproduction steps so we can investigate it further? Looking forward to your reply!

VenkataReddyDesiReddy commented 2 weeks ago

@Zhanglirong-Winnie I can't share a sample project because I first connect to a company-specific hardware device (controller) via Wi-Fi, which you can't do as it will not be available to you. But I will explain the exact reproduction steps below.

  1. From the .NET MAUI app, I connect to the hardware device (controller) through Wi-Fi.
  2. After the Wi-Fi connection is established, I authenticate the certificate in the hardware device as below:

         TcpClient _backingTcpClient = new TcpClient();
         await _backingTcpClient.ConnectAsync(ipaddress, port);

     Once TLS is enabled in the hardware device (controller):

         SslStream _secureStream = new SslStream(
             _backingTcpClient.GetStream(),
             false,
             new RemoteCertificateValidationCallback(ValidateServerCertificate),
             null);
         _secureStream.AuthenticateAsClient("certificate name in hardware device(controller)");

The _secureStream.AuthenticateAsClient line, which works in Xamarin.Forms, throws the exception below:

    System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
     ---> Interop+AndroidCrypto+SslException: Exception of type 'Interop+AndroidCrypto+SslException' was thrown.
       at Interop.AndroidCrypto.SSLStreamSetTargetHost(SafeSslHandle sslHandle, String targetHost)
       at System.Net.SafeDeleteSslContext.InitializeSslContext(SafeSslHandle handle, SslAuthenticationOptions authOptions)
       at System.Net.SafeDeleteSslContext..ctor(SslAuthenticationOptions authOptions)
       at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
       --- End of inner exception stack trace ---
       at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__150`1[[System.Net.Security.SyncReadWriteAdapter, System.Net.Security, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
       at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)

Please help me as it is a blocker for me

drasticactions commented 2 weeks ago

@VenkataReddyDesiReddy Your issue is unrelated to the MAUI UI framework; it's a runtime issue, and no one on this team can fix it.

@simonrozsival would you know more about this?

simonrozsival commented 2 weeks ago

@drasticactions yes, this issue belongs in the runtime. I'll transfer the issue.

@VenkataReddyDesiReddy the exception is coming from AndroidCrypto.SSLStreamSetTargetHost. This usually means that the TargetHost property contains a value that is not considered valid by Android (https://developer.android.com/reference/javax/net/ssl/SNIHostName). Would it be possible to share the hostname you are using (it is understandable if you don't want to share it publicly though)?

Clearly, the exception is not very descriptive, and it could be improved. In that regard, this issue is similar to https://github.com/dotnet/runtime/issues/109532.
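As an added example (not code from this issue, from the reporter, or from the dotnet/runtime repository), the following shows how an app can check the TargetHost value against the constraints the SNIHostName documentation and RFC 6066 §3 describe before handing it to AuthenticateAsClient, so a value such as a certificate's display name fails with a readable reason instead of the opaque SslException above. The rule set in WhyInvalid is this example's own reading of those documents, not logic copied from the runtime; the controller address, port, expected host name and pinned thumbprint are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class SniHostNameCheck
{
    // Returns null when targetHost looks acceptable as a TLS SNI host_name,
    // otherwise the reason it would be refused. The rules are this example's
    // reading of javax.net.ssl.SNIHostName and RFC 6066 §3 (assumption).
    public static string? WhyInvalid(string? targetHost)
    {
        if (targetHost is null) return "null";
        if (targetHost.Length == 0) return "empty";
        if (targetHost.EndsWith('.')) return "trailing dot";
        if (IPAddress.TryParse(targetHost, out _)) return "IP literal; SNI carries DNS names only";
        try
        {
            // STD3 ASCII rules: only letters, digits and '-', no label that starts or
            // ends with '-', no empty or over-long labels. Spaces and '_' fail here.
            new IdnMapping { UseStd3AsciiRules = true }.GetAscii(targetHost);
            return null;
        }
        catch (ArgumentException ex)
        {
            return "not a valid host name: " + ex.Message;
        }
    }

    // Constructed sample inputs showing which values pass and which are refused.
    public static IEnumerable<(string Name, string? Reason)> Demo()
    {
        foreach (var name in new[] { "controller.local", "My Controller", "controller_1",
                                     "192.168.4.1", "xn--bcher-kva.example", "ctrl." })
            yield return (name, WhyInvalid(name));
    }
}

public static class ControllerTls
{
    // Validates targetHost first, then connects. The device certificate is accepted
    // when it chains to a trusted root, or, for a self-signed device cert, when its
    // SHA-256 thumbprint equals the value provisioned with the app (placeholder).
    public static async Task<SslStream> ConnectAsync(
        string controllerAddress, int port, string targetHost, string pinnedSha256Hex)
    {
        if (SniHostNameCheck.WhyInvalid(targetHost) is string reason)
            throw new ArgumentException(
                $"TargetHost '{targetHost}' is not usable as SNI: {reason}", nameof(targetHost));

        var tcp = new TcpClient();
        await tcp.ConnectAsync(controllerAddress, port);

        var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false,
            userCertificateValidationCallback: (sender, certificate, chain, errors) =>
            {
                if (certificate is not X509Certificate2 cert) return false;
                if (errors == SslPolicyErrors.None) return true;

                // Tolerate only chain errors, and only for the exact pinned leaf. A name
                // mismatch still fails, so TargetHost must match the certificate's name.
                bool onlyChainErrors = errors == SslPolicyErrors.RemoteCertificateChainErrors;
                string actual = Convert.ToHexString(cert.GetCertHash(HashAlgorithmName.SHA256));
                return onlyChainErrors
                    && string.Equals(actual, pinnedSha256Hex, StringComparison.OrdinalIgnoreCase);
            });

        try
        {
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = targetHost,
                EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
            });
        }
        catch
        {
            ssl.Dispose();
            throw;
        }
        return ssl;
    }
}
```

Calling SniHostNameCheck.Demo() shows the distinction the exception hides: "controller.local" and the punycode name pass, while a name containing a space or an underscore, an IP literal and a name with a trailing dot are each reported with a reason. The pinning branch in the callback is deliberately narrow; a callback that returns true for every SslPolicyErrors value would make the TLS layer accept any server.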

dotnet-policy-service[bot] commented 2 weeks ago

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.

dotnet-policy-service[bot] commented 2 weeks ago

Tagging subscribers to 'arch-android': @vitek-karas, @simonrozsival, @steveisok, @akoeplinger See info in area-owners.md if you want to be subscribed.