[Mono-list] Certificate validation in HttpWebRequest
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Fri Mar 21 13:43:49 UTC 2014
> From: mono-list-bounces at lists.ximian.com [mailto:mono-list-
> bounces at lists.ximian.com] On Behalf Of Mat Arge
> I do access some websites on HTTPS URLs using the HttpWebRequest class.
> handle the certificates I set the
> System.Net.ServicePointManager.ServerCertificateValidationCallback to an
> implementation of mine. This worked fine, but recently (to be precise: since
> updating from mono-2.10 to 3.2.8) I get the old "System.Net.WebException:
> Error getting response stream (Write: The authentication or decryption has
> failed.)" error again. My callback is actually never called.
I recently stepped into the same problem, only I was using SslStream rather than HttpWebRequest, and thanks to Sebastien for steering me straight.
I don't know if HttpWebRequest is using SslStream under the hood? Here was the answer for SslStream. I'm highly suspicious that it's related.
Check the mono compatibility page. (Just google for "mono compatibility"). At the bottom, go to "class status pages" and then System, System.Net.Security, SslStream. Notice that the basic constructor (without RemoteCertificateValidationCallback) is green and good. While the ones with callback are marked as not returning SslPolicyErrors correctly. The solution for me was to use the basic constructor, and then if AuthenticateAsClient failed, try again using the other constructor, but ignore the SslPolicyErrors and Chain.
Looking at HttpWebRequest right now, I don't see anything obviously along those lines. It is very likely you are encountering *some* bug or incomplete feature. Can you post some sample code? That would make it easier to say for sure.
More information about the Mono-list