unoplatform / uno

Open-source platform for building cross-platform native Mobile, Web, Desktop and Embedded apps quickly. Create rich, C#/XAML, single-codebase apps from any IDE. Hot Reload included! 90m+ NuGet Downloads!!
https://platform.uno
Apache License 2.0

HttpClient causes exception in Droid app with Let's Encrypt certificates #9872

Closed luciusinfabula closed 2 years ago

luciusinfabula commented 2 years ago

Current behavior

Dears, I'm using this library, FeedReader, to create an RSS reader. The library is based on the HttpClient library. Trying to retrieve data from a site protected by a Let's Encrypt TLS certificate causes the following exception:

{System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/boringssl/ssl/handshake_client.c:1132

In the WPF/UWP project everything works, while in the DROID project this behaviour happens only for Let's Encrypt sites.

I tried 5 sites with Let's Encrypt and all return the same exception, while for 5 sites with different TLS certificates no exception is raised.

List of Let's Encrypt sites:

List of sites with different certificates:

Luc

Expected behavior

No response

How to reproduce it (as minimally and precisely as possible)

No response

Workaround

No response

Works on UWP/WinUI

No response

Environment

No response

NuGet package version(s)

No response

Affected platforms

Android

IDE

Visual Studio 2019

IDE version

16.11.16

Relevant plugins

No response

Anything else we need to know?

No response

MartinZikmund commented 2 years ago

Can you try one of the options here https://learn.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows to see if any of them helps?

An alternative is to ignore the certificate validation altogether, but that is of course not ideal:

httpClientHandler.ServerCertificateCustomValidationCallback +=
    (sender, cert, chain, sslPolicyErrors) => true;

luciusinfabula commented 2 years ago

Hi Martin, thanks for your kind reply.

I successfully tried both changing the HttpClient handling in the advanced Droid property configuration and using an explicit AndroidClientHandler, and both work perfectly.

In the end I decided to implement the second solution using a platform-specific C# directive, like the following: click here.

And now I can handle HTTPS sites configured with Let's Encrypt certificates in the Droid project too.

Many thanks again for your help. Luc
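
The resolution described in this thread (an explicit AndroidClientHandler selected with a platform-specific directive), written out as an added example; it is not the poster's code, which is not preserved on this page. `HttpClientFactory` and `LogAndEnforce` are hypothetical names, and the logging callback on the non-Android branch is an assumption showing how to see why a chain failed while still rejecting it, in place of the accept-everything callback quoted earlier.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: one place where the shared code obtains its HttpClient.
public static class HttpClientFactory
{
    public static HttpClient Create()
    {
#if __ANDROID__
        // Android head: hand TLS to the platform's native stack instead of
        // the managed one that raised CERTIFICATE_VERIFY_FAILED.
        HttpMessageHandler handler = new Xamarin.Android.Net.AndroidClientHandler();
#else
        // Other heads keep the managed handler. The callback only adds
        // diagnostics; it never turns a failed validation into a success.
        var managed = new HttpClientHandler();
        managed.ServerCertificateCustomValidationCallback = LogAndEnforce;
        HttpMessageHandler handler = managed;
#endif
        return new HttpClient(handler);
    }

    // Accepts only chains the platform already validated; logs the rest.
    private static bool LogAndEnforce(HttpRequestMessage request,
                                      X509Certificate2 cert,
                                      X509Chain chain,
                                      SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        Console.Error.WriteLine(
            $"TLS validation failed for {request?.RequestUri}: {errors}; " +
            $"subject={cert?.Subject}; issuer={cert?.Issuer}");

        if (chain != null)
        {
            foreach (X509ChainElement element in chain.ChainElements)
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.Error.WriteLine(
                        $"  {element.Certificate.Subject}: {status.Status} {status.StatusInformation}");
        }
        return false; // keep the connection rejected
    }
}
```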