[Mono-bugs] [Bug 634817] HttpWebRequest fails on HTTPS resources

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Sep 15 15:27:42 EDT 2010



--- Comment #2 from Jonathan Pryor <jpryor at novell.com> 2010-09-15 19:27:41 UTC ---
After some cursory investigation, this looks slightly more complicated than I
hoped.  Brain dump follows.

As best as I can currently determine, Android doesn't use any native C library
to store certificates/etc., so P/Invokeing something is of no consequence.

There are, however, Java libraries.  Thus, a solution may look like:

  - Add a callback to the 
    property.  This is invoked as part of validating HTTPS certificates.

  - This callback would need to obtain the X509 TrustManager, convert the
    .NET X509Chain+X509Certificate into Java equivalents, and use

    - Unfortunately, how do we convert the managed types into equivalent
      Java types?  My best guess is to use 
      from X509Certificate.Export() (which returns a byte[]), which means
      we need a Stream -> InputStream adapter 

Plus, I'm probably missing something (e.g. how do I convert an X509Chain into
an X509Certficate[]?).

An alternate approach is to hope/pray that /system/etc/security/cacerts.bks (1)
contains all the system-supplied certificates, and (2) won't change format or
location in the future.  We could then add support for the BouncyCastle BKS
container format to our tooling, and just rely on that file.


Either solution looks like lots of work. :-/

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list