[Mono-dev] cert-sync

Sebastien Pouliot sebastien.pouliot at gmail.com
Fri Jan 23 14:56:24 UTC 2015

On Fri, Jan 23, 2015 at 9:48 AM, Edward Ned Harvey (mono) <
edward.harvey.mono at clevertrove.com> wrote:

> > From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
> >
> >> Thanks - so it sounds like WebClient, on OSX, iOS, and Android, are
> wrapping
> >> around some API provided by the OS, correct?  Is the same true on linux?
> >
> > No, not for Linux. There is (or at least was) no OS API that provided
> that
> > service and not every distro shipped/installed-by-default any library
> that
> > could do this.
> Thanks - so the present status is, WebClient should work on non-linux
> platforms, (at least OSX, iOS, and Android) even with an empty mono CA root
> store "Trust".  On linux, the mono store "Trust" needs to be populated -
> but recently, the rpm & deb packages were improved to automatically
> populate via cert-sync.
> Presumably there is no automated process to do this when built from
> source.  Perhaps either the Makefile, or documentation should be updated to
> suggest running cert-sync on linux when built from source.
> SslStream

No. WebClient, HttpWebRequest, the default HttpClient handler... all uses
SslStream which delegates the trust decision to the OS (on iOS, Android and

> and other classes that rely on the .Net cert store management, are less
> fortunate - the mono CA store "Trust" must be populated.  This happens
> automatically when using the latest linux packages, but does not happen
> automatically for any other platforms, and not if built from source.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20150123/8d9e23f1/attachment.html>

More information about the Mono-devel-list mailing list