Bug 59192 - [Client Certificates] HttpWebRequest with HTTPS + Client Certificates fails
Summary: [Client Certificates] HttpWebRequest with HTTPS + Client Certificates fails
Status: CONFIRMED
Alias: None
Product: iOS
Classification: Xamarin
Component: BCL Class Libraries (show other bugs)
Version: XI 10.12 (d15-3)
Hardware: PC Windows
: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Martin Baulig
URL:
Depends on: 58891
Blocks:
  Show dependency tree
 
Reported: 2017-09-02 13:11 UTC by ranson
Modified: 2017-09-15 04:04 UTC (History)
6 users (show)

See Also:
Tags:
Is this bug a regression?: No
Last known good build:


Attachments
Repro for failure with HTTPS + ClientCertificate (244.55 KB, application/x-zip-compressed)
2017-09-02 13:11 UTC, ranson
Details
Build logs with diagnostics verbosity (3.42 MB, text/plain)
2017-09-04 07:29 UTC, ranson
Details
version info (4.44 KB, text/plain)
2017-09-04 07:30 UTC, ranson
Details

Description ranson 2017-09-02 13:11:38 UTC
Created attachment 24531 [details]
Repro for failure with HTTPS + ClientCertificate

It seems HttpWebRequest with HTTPS + Client Certificate fails since the release 10.10: not totally sure if it is broken since the 10.8 or 10.10, but the code built with the most up-to-date release available on march 5th 2017 correctly runs on all iOS devices above iOS 8.1.

I have attached a repro: I have deployed a WCF server on a Windows Azure VM that is currently listening on two endpoints. Both of them require HTTPS, and one of them requires HTTPS + Client Certificates.
In the repro, there is also a WindowsForms client that works successfully on both endpoints.
In the project XFClient.iOS, the call works correctly with HTTPS, but timed-out with HTTPS + ClientCertificates: A System.Net.WebException: Error getting response stream(ReadDone1): ReceiveFailure occurred
is raised after a while.
Comment 1 Vincent Dondain [MSFT] 2017-09-04 03:59:27 UTC
Hi,

Thank you so much for the bug report.

Please include your full build logs, crash reports (if any) and all version information.

To get full build logs just set the log verbosity to diagnostic at the following locations:
- On Visual Studio for Mac: Preferences > Projects > Build
- On Visual Studio for Windows: Tools > Options > Projects and Solutions > Build and Run

On Visual Studio Windows you also want to add `-v -v -v -v` to the mtouch additional arguments by right-clicking the project in the solution explorer and selecting `Properties`.
Note: this is done automatically on Visual Studio for Mac when the log verbosity is set to diagnostic.

Easiest way to get exact version information:
- On Visual Studio for Mac: "Visual Studio" menu, "About Visual Studio" item, "Show Details" button.
- On Visual Studio for Windows: "Help menu", "About Microsoft Visual Studio" item.
Then copy/paste the version information (you can use the "Copy Information" button).
Comment 2 ranson 2017-09-04 07:29:33 UTC
Created attachment 24539 [details]
Build logs with diagnostics verbosity
Comment 3 ranson 2017-09-04 07:30:04 UTC
Created attachment 24540 [details]
version info
Comment 4 Vincent Dondain [MSFT] 2017-09-08 15:50:12 UTC
Hi,

I can confirm the issue.

When deploying XFClient.iOS on either simulator or device, if you press "Endpoint 2" (the one that requires client certificates) you get a System.Net.WebException: Error getting response stream(ReadDone1): ReceiveFailure occurred after a while.

I tried this with different XI version from Xcode 9 (10.99) all the way back to XI 10.8 and it doesn't work with any of those, this is not a regression.

Please keep the WCF server on a Windows Azure VM up until we fix the issue.
Comment 5 ranson 2017-09-09 09:06:41 UTC
Not persuaded it is not regression as I have a Xamarin.iOS application published on iTunes on March 5th 2017 that works with HTTPS + Client Certificates with exactly the same code as in the repro.

It may have been broken between Xamarin XI 10.6 and 10.8, so far as 10.8 has removed the old Mono SSL/TLS provider.
Comment 6 Marek Safar 2017-09-13 11:54:37 UTC
Martin, do we have any workaround for this?

Note You need to log in before you can comment on or make changes to this bug.