Mutual Authentication: Certificate chain removed when connecting to server in MAUI app but not Xamarin Forms #100602
Comments
I'm a bit confused, where is the chains missing? Also if you're on .NET 7/8, why are you using |
The missing chains is at the server. Server receives only chain[0]. All the other certificates in the chain are not provided. Using Xamarin Forms app with httpClient or HttpWebRequest both send the full chain of certificate to the server |
Can you provide us with a repro code? Preferably for both sides? Also if you have a working code, could you share that as well?
You can use |
Hi, Client code snippet:
At the server, we get the same result in ssl handshake function as above regarding certificate chain received from client: BTW, this is a mutual authentication SSL handshake using private CA. Does it help understand the issue? Regards |
So the problem is in provided server certificate chain to the validation callback and that it differs based on what platform you compile for? And you claim this difference is between Xamarin Forms and MAUI? Isn't Xamarin foundation of MAUI? @simonrozsival do you know of any difference there? |
The problem is to provide certificate chain from the client to the server. |
@NexusMobile can you please try setting |
false already in csproj file to fix httpClientHandler.ClientCertificates being null without it. |
While building project using Xamarin Forms it works fine without |
I see. I originally misread the issue and I thought the problem is with sending the client certificate to the server. The problem actually is that the server's certificate chain doesn't seem to be passed to the
Xamarin.Forms and MAUI have different implementation of the networking layer. Xamarin.Forms uses BoringSSL or OpenSSL and MAUI/.NET 8 on Android uses Android's platform APIs. |
Unless mistaken this is my understanding too. |
@NexusMobile is the server's certificate self-signed? If it is, this would be a duplicate of #84202. The relevant part from the previous discussion:
|
@simonrozsival, Client and server certificates are self-signed by the same CA. For us the certification is valid. |
Hi, |
I think there is still some confusion in this thread. In the client code in the If I understand your situation correctly, you should include your CA's public key (and possibly also the public keys of the intermediate certificates) in the client app using |
My mistake. You are absolutely right. I've tried Thanks |
I've replaced the self-signed Certificate the server sends to the client with a public certificate and I get the same empty chain. Is it possible to have access to the source code? |
That seems like a bug and it is different from the issue I shared previously. I need to be able to replicate the issue so I can diagnose it. Can you create a minimal repro in a new MAUI project and share that as a public GitHub repo? Ideally make requests to a public website, such as https://microsoft.com or https://badssl.com (there are multiple subdomains for example with a self-signed certificate). |
I will look into this. Also from our original post, the client's certificate sent to the server has his chain removed. The certificate's chain count should be 4 in our case but it returns 0. Thanks |
Thanks!
I think that is the most relevant one for your use case. The https://client.badssl.com/ should also be relevant for the other half of the problem you describe. |
The CACertificate problem is extensive and has appeared since 17.8 and it concerns the certificates. |
```csharp
var bind = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);
```
@Coccoliso-1963 would you mind opening a new issue so we can track these separately? |
This issue has been automatically marked |
This issue has been moved from a ticket on Developer Community.
Hi,
When connecting to the server but running the code using Xamarin Forms, the server received the full certificate chain.
Using MAUI .Net 7 or 8.0, only the client certificate is sent to the server. Certificate chain is empty.
Same certificate and server are used.
In HttpWebRequest ServerCertificateValidationCallback, chain.ChainElements is empty.
Certificate received by the server is valid.
Does anyone know how to fix this?
Here's a snippet on the client:
Original Comments
Feedback Bot on 2/12/2024, 05:46 PM:
(private comment, text removed)
Original Solutions
(no solutions)