-
Notifications
You must be signed in to change notification settings - Fork 525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
X509Chain.Build is not working #7299
Comments
Hi @omghb! Thanks for reporting this issue. This is a known problem tracked in dotnet/runtime#45741. Please add a comment to that issue with the details of your use case so that we keep this information in one place. @jpobst please close this issue as it's a runtime issue (I don't have permissions to do it myself). |
Thanks for looking into this! Closing as duplicate of dotnet/runtime#45741. |
Hi @simonrozsival! Thanks for providing the dotnet/runtime#45741 link. The information helped me to solve my issue. Here some details (maybe someone will find this information useful): I have used the customChain.ChainPolicy.ExtraStore.AddRange(sslOptions.TrustedRootCertificates);
customChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; Solution: By replacing the lines from above with the following lines customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
customChain.ChainPolicy.CustomTrustStore.AddRange(sslOptions.TrustedRootCertificates); solved my issue. However, the API used by the new code requires .NET 5 or newer. |
Android application type
Android for .NET (net6.0-android, etc.)
Affected platform version
VS 2022 17.3.1
Description
I'm using an
SslStream
with a customUserCertificateValidationCallback
.a. Note: Only the first part of the workaround was required:
DangerousTrustProvider
so that theUserCertificateValidationCallback
gets called.X509Chain.Build
method. But it returnsfalse
also for a valid certificate chain:Note: On the Windows platform the same chain returned true without an issue.
By searching for the issue I found out that
X509Chain.Build
was removed from theX509TrustManagerWithValidationCallback
class as it seems not to be working. See:Please, fix
X509Chain.Build
Steps to Reproduce
Did you find any workaround?
No response
Relevant log output
No response
The text was updated successfully, but these errors were encountered: