Notice (2018-05-24): bugzilla.xamarin.com is now in
Please join us on
Visual Studio Developer Community and in the
Mono organizations on
GitHub to continue tracking issues. Bugzilla will remain
available for reference in read-only mode. We will continue to work
on open Bugzilla bugs, copy them to the new locations
as needed for follow-up, and add the new items under Related
Our sincere thanks to everyone who has contributed on this bug
tracker over the years. Thanks also for your understanding as we
make these adjustments and improvements for the future.
Please create a new report on
Developer Community or GitHub with
your current version information, steps to reproduce, and relevant error
messages or log files if you are hitting an issue that looks similar to
this resolved bug and you do not yet see a matching new report.
Created attachment 8610 [details]
Use self-signed certificate in local development does not work when WebView.Source set in OnAppearing(), but does work when set in the Page constructor.
I have not been able to reproduce this as I do not have a local SSL server to test with.
## Customer's description of the issue:
I am having issues getting a UIWebView to accept a self-signed certificate that is used during development/debugging on my local machine.
The code mimics the information Apple provides on Performing Custom TLS Chain Validation (https://developer.apple.com/library/ios/DOCUMENTATION/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html#//apple_ref/doc/uid/TP40009507-SW9) and Overriding TLS Chain Validation Correctly (https://developer.apple.com/library/ios/DOCUMENTATION/NetworkingInternet/Conceptual/NetworkingTopics/Articles/OverridingSSLChainValidationCorrectly.html#//apple_ref/doc/uid/TP40012544-SW1).
The code uses an NSUrlConnectionDelegate to add the self-signed cert as an anchor in the trust. This functionality works, but inconsistently. Setting the Source property of the Xamarin Forms WebView in the constructor of a ContentPage exhibits the correct behavior. The self-signed certificate gets added to the trust and the WebView loads the page. Setting the Source property in the Appearing event of a ContentPage does not work. The self-signed certificate is getting added to the trust but doesn't get used and the WebView doesn't load the page.
A further example, and one that is much closer to the actual use case of our application, is navigating to a secured page on a redirect from a different non-secured page. In the example project, example 3 loads a non-secured page that has a button that when posted back to the server issues a redirect to the secured page. The first time the button is clicked, the self-signed certificate gets added to the trust, but the WebView still doesn't load the page because it believes the self-signed certificate to be invalid. However, clicking the button a second time does successfully load the secured page in the WebView as it appears that the self-signed certificate is now an anchor in the trust.
I'd like to know how to have this work consistently using Xamarin and/or what working alternatives there are for using a self-signed certificate during local development.
I am filing this against Xamarin Forms as it seems significant, perhaps timing wise, that setting the source fails in OnAppearing but succeeds in the Page constructor. Of course feel free to change the product if my thinking is wrong on this.
From the customer about the local html pages he is using for testing on his local machine's http/https server:
We don’t have those pages publically accessible for demonstration, but the pages themselves are nothing special and easily created and pluggable into the example as they are referenced by constants. SecurePage is just a basic html page that displays the text "success". NonSecuredPage just has a link that redirects to SecurePage.
I tried to reproduce this issue but I am not able to reproduce this issue, we may have to see if a developer can figure out what's going on from the stack trace and attached project.
No reproduction ever provided