[Mono-dev] cert-sync

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Fri Jan 23 14:48:04 UTC 2015

> From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
>> Thanks - so it sounds like WebClient, on OSX, iOS, and Android, are wrapping
>> around some API provided by the OS, correct?  Is the same true on linux?
> No, not for Linux. There is (or at least was) no OS API that provided that
> service and not every distro shipped/installed-by-default any library that
> could do this.

Thanks - so the present status is, WebClient should work on non-Linux platforms (at least OSX, iOS, and Android) even with an empty Mono CA root store "Trust".  On Linux, the Mono store "Trust" needs to be populated - but recently, the rpm & deb packages were improved to automatically populate it via cert-sync.

Presumably there is no automated process to do this when built from source.  Perhaps either the Makefile or the documentation should be updated to suggest running cert-sync on Linux when built from source.

SslStream and other classes that rely on the .NET cert store management are less fortunate - the Mono CA store "Trust" must be populated.  This happens automatically when using the latest Linux packages, but does not happen automatically on any other platform, nor when built from source.
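
An added example, not part of the original post or of Mono itself: a shell check for the source-build case described above, reporting whether the machine "Trust" store is empty and which cert-sync command would populate it. The store path, the two CA bundle paths, and the `MONO_TRUST_DIR` override are assumptions for illustration.

```shell
#!/bin/sh
# Added example: does a source-built Mono on Linux still need cert-sync?
# All paths here are assumptions (common distro CA bundle locations and
# Mono's machine store directory); MONO_TRUST_DIR is a hypothetical override.

# Print the first candidate that is readable and contains at least one PEM cert.
find_ca_bundle() {
    for f in "$@"; do
        if [ -r "$f" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Count PEM certificates in a bundle (grep -c exits 1 on zero matches).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Count entries in a store directory; a missing directory counts as 0.
count_store_certs() {
    [ -d "$1" ] || { echo 0; return 0; }
    ls -A "$1" | wc -l | tr -d ' '
}

# Exit status 0 when the Trust store is empty and needs populating.
trust_store_needs_sync() {
    [ "$(count_store_certs "$1")" -eq 0 ]
}

# report STORE BUNDLE... : returns 0 if populated, 1 if cert-sync is needed.
report() {
    store=$1; shift
    if ! trust_store_needs_sync "$store"; then
        echo "ok: $store holds $(count_store_certs "$store") entries"
        return 0
    fi
    if bundle=$(find_ca_bundle "$@"); then
        echo "empty: $store; run: cert-sync $bundle ($(count_pem_certs "$bundle") CA certs)"
    else
        echo "empty: $store; no system CA bundle found to pass to cert-sync"
    fi
    return 1
}

# Report only; nothing is modified. Run the printed command as root to sync.
report "${MONO_TRUST_DIR:-/usr/share/.mono/certs/Trust}" \
    /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt || true
```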
