[Mono-dev] cert-sync

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Sat Jan 24 14:03:02 UTC 2015

> From: Sebastien Pouliot [mailto:sebastien.pouliot at gmail.com]
> No. WebClient, HttpWebRequest, the default HttpClient handler... all uses
> SslStream which delegates the trust decision to the OS (on iOS, Android and
> Mac).

Wait - We've already established in this thread (see links below) that on Mac, SslStream.AuthenticateAsClient throws IOException if the Trust directories were empty or nonexistent, and SslStream.AuthenticateAsClient works fine if you've run mozroots, but on the same system with empty Trusts, WebClient.DownloadString works fine.  This suggested that WebClient delegated trust to the OS, while SslStream used the .Net trust store.

Are you saying that WebClient uses SslStream in some way different from using AuthenticateAsClient?

I tested OSX SslStream.AuthenticateAsClient without mozroots.  Failed.

Alexander tested WebClient.DownloadString without mozroots.  Succeeded.

Alexander confirmed my results.

More information about the Mono-devel-list mailing list