[Mono-bugs] [Bug 634817] HttpWebRequest fails on HTTPS resources
bugzilla_noreply at novell.com
Wed Sep 15 15:27:42 EDT 2010
https://bugzilla.novell.com/show_bug.cgi?id=634817
https://bugzilla.novell.com/show_bug.cgi?id=634817#c2
--- Comment #2 from Jonathan Pryor <jpryor at novell.com> 2010-09-15 19:27:41 UTC ---
After some cursory investigation, this looks slightly more complicated than I
hoped. Brain dump follows.

As best as I can currently determine, Android doesn't use any native C library
to store certificates/etc., so P/Invoking something is of no consequence.
There are, however, Java libraries. Thus, a solution may look like:

 - Add a callback to the
   ServicePointManager.ServerCertificateValidationCallback
   property. This is invoked as part of validating HTTPS certificates.
 - This callback would need to obtain the X509 TrustManager, convert the
   .NET X509Chain+X509Certificate into Java equivalents, and use
   IX509TrustManager.CheckServerTrusted().
 - Unfortunately, how do we convert the managed types into equivalent
   Java types? My best guess is to use
   Java.Security.Cert.CertificateFactory.GenerateCertificate(InputStream)
   from X509Certificate.Export() (which returns a byte[]), which means
   we need a Stream -> InputStream adapter
   (byte[]->MemoryStream->InputStream).

Plus, I'm probably missing something (e.g. how do I convert an X509Chain into
an X509Certificate[]?).

An alternate approach is to hope/pray that /system/etc/security/cacerts.bks (1)
contains all the system-supplied certificates, and (2) won't change format or
location in the future. We could then add support for the BouncyCastle BKS
container format to our tooling, and just rely on that file.

http://www.bouncycastle.org/specifications.html

Either solution looks like lots of work. :-/
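
The first approach in the comment above, sketched as an added example (not code from the bug report or from Mono). It assumes the Mono for Android / Xamarin.Android Java bindings, including JavaCast<T>() and a GenerateCertificate overload that takes a System.IO.Stream; the class name AndroidTrustValidator, the helper ToJava and the "RSA" authType value are hypothetical choices made for this illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Android.Runtime;
using Javax.Net.Ssl;
using JavaCertFactory = Java.Security.Cert.CertificateFactory;
using JavaX509 = Java.Security.Cert.X509Certificate;

static class AndroidTrustValidator   // hypothetical name
{
    // Re-encode a .NET certificate as DER and parse it again on the Java side.
    static JavaX509 ToJava(JavaCertFactory factory, X509Certificate cert)
    {
        using (var der = new MemoryStream(cert.Export(X509ContentType.Cert)))
            return factory.GenerateCertificate(der).JavaCast<JavaX509>();
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        try {
            var factory = JavaCertFactory.GetInstance("X.509");
            // X509Chain -> array: ChainElements is ordered leaf first.
            var javaChain = chain == null ? new JavaX509[0]
                : chain.ChainElements.Cast<X509ChainElement>()
                       .Select(e => ToJava(factory, e.Certificate)).ToArray();
            if (javaChain.Length == 0)
                javaChain = new[] { ToJava(factory, certificate) };

            var tmf = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
            tmf.Init((Java.Security.KeyStore) null);   // null selects the platform trust store
            var tm = tmf.GetTrustManagers().First().JavaCast<IX509TrustManager>();

            // Throws a Java CertificateException when the chain is not trusted.
            tm.CheckServerTrusted(javaChain, "RSA");   // authType value is an assumption

            // The trust manager checks the chain only, not the host name, so the
            // name-mismatch and missing-certificate flags from .NET still apply.
            var fatal = SslPolicyErrors.RemoteCertificateNameMismatch
                      | SslPolicyErrors.RemoteCertificateNotAvailable;
            return (errors & fatal) == 0;
        } catch (Exception) {
            return false;   // fail closed on any conversion or trust error
        }
    }

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```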