xamarin / Xamarin.Forms

Xamarin.Forms is no longer supported. Migrate your apps to .NET MAUI.
https://aka.ms/xamarin-upgrade

Problem with Websocket Handler for ssl bypass custom check not working [Bug] #15835

Closed filzek closed 10 months ago

filzek commented 10 months ago

We run Xamarin.Forms, updated as of Oct 11th 2023, and we cannot solve a problem with a secure WebSocket running locally.

Our goal is to use an SSL WebSocket connection to a local server or local IoT device running a valid certificate, but the SSL check always returns invalid, so we tried to construct a handler that lets us check whether the certificate is OK or not.

We are using Android SDK Platform 33 or 34; the error is the same. NDK 20.1.59.

The code is as follows:

    using System;
    using System.Net.WebSockets;
    using System.Security.Cryptography.X509Certificates;
    using System.Threading;

    // IP and Status come from the surrounding class, which the report does not show.
    webSocket = new ClientWebSocket();

    webSocket.Options.UseDefaultCredentials = true;
    webSocket.Options.SetRequestHeader("Ping-Interval", "5000");
    webSocket.Options.KeepAliveInterval = new TimeSpan(0, 0, 5);
    // "wss" is registered here as a WebSocket sub-protocol name (it is also the URI scheme).
    webSocket.Options.AddSubProtocol("wss");
    // Returns true for every certificate: a diagnostic to see whether the callback
    // fires at all, not a real check. The report is that it is never invoked on Android.
    webSocket.Options.RemoteCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) =>
    {
        var serverCertificate = new X509Certificate2(certificate);

        return true;
    };

    await webSocket.ConnectAsync(new Uri("wss://" + IP + "/wss2"), CancellationToken.None);
    Status = false;

So, we could trace that the handler is never being called, and Android is doing the SSL check by itself; what we need is for us to do the certificate check, not Android. The Android SSL checker is trying to match the certificate host name/domain name with the local IP, and it will never match, so we need to manually check and authorize the connection ourselves.

Please let us know how to handle this on Android in Xamarin.Forms.

LOG ERROR: {System.Net.WebSockets.WebSocketException (0x80004005): Unable to connect to the remote server ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/external/boringssl/ssl/handshake_client.c:1132 at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00042] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Btls/MonoBtlsContext.cs:220 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:715 at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool) at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:289 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:223 --- End of inner exception stack trace --- at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x0025c] in /Users/builder/jenkins/workspace/archive-mono/2020-02/android/release/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:310
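A hardened form of the callback from the post, written here as an added example (it is not the reporter's code and not part of Xamarin.Forms): instead of returning true, it pins the local device's certificate and tolerates only the policy errors a raw IP address or a device-issued certificate causes. The pin constant is a placeholder and the process-wide ServicePointManager fallback is an assumption; whether Mono's Android stack invokes either callback for ClientWebSocket is exactly what this thread leaves unresolved.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.WebSockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (not from the issue): accept the local device only when it
// presents the exact certificate we expect, instead of accepting everything.
static class PinnedLocalDeviceValidator
{
    // Constructed placeholder; replace with the SHA-256 fingerprint of the device certificate.
    const string ExpectedSha256Hex = "<DEVICE_CERT_SHA256_HEX>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null) return false;

        // Connecting by IP can never satisfy a DNS name check, and a device-issued
        // certificate may not chain to a public root. Tolerate only those two errors;
        // the pin below is what actually establishes trust in the leaf.
        var tolerated = SslPolicyErrors.RemoteCertificateNameMismatch
                      | SslPolicyErrors.RemoteCertificateChainErrors;
        if ((errors & ~tolerated) != SslPolicyErrors.None) return false;

        // Compare the presented leaf certificate against the pinned fingerprint.
        string actual;
        using (var sha = SHA256.Create())
            actual = BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData()))
                                 .Replace("-", "");
        return string.Equals(actual, ExpectedSha256Hex, StringComparison.OrdinalIgnoreCase);
    }

    public static async Task<ClientWebSocket> ConnectAsync(string ip, CancellationToken ct)
    {
        // Set the callback on the options as in the issue, and also process-wide
        // (assumption: the Mono networking stack honours the ServicePointManager callback).
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        var ws = new ClientWebSocket();
        ws.Options.RemoteCertificateValidationCallback = Validate;
        ws.Options.KeepAliveInterval = TimeSpan.FromSeconds(5);
        await ws.ConnectAsync(new Uri("wss://" + ip + "/wss2"), ct);
        return ws;
    }
}
```

If neither callback fires on the device, the handshake still fails with the CERTIFICATE_VERIFY_FAILED error shown in the log, which is the symptom worth reporting against the runtime rather than the UI framework.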

jfversluis commented 10 months ago

I highly doubt this is specific to Xamarin.Forms; I would think this lives at the mono runtime level. I would suggest seeing if this is already reported there, or filing this report there if you can't find anything about it.