Bug 59960 - HttpWebRequest & Installed Cert does not work on iOS 11
Summary: HttpWebRequest & Installed Cert does not work on iOS 11
Status: RESOLVED DUPLICATE of bug 58411
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll (show other bugs)
Version: XI 10.99 (xcode9)
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2017-10-04 14:49 UTC by David Lilley
Modified: 2017-10-05 12:12 UTC (History)
3 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
ContainedApp (14.06 KB, application/zip)
2017-10-04 14:49 UTC, David Lilley
Details

Description David Lilley 2017-10-04 14:49:20 UTC
Created attachment 25100 [details]
ContainedApp

Some of our clients are  installing Enterprise certificates (nothing to do with our app) and its causing HttpWebRequest when visiting https://fints.bankingonline.de/fints/ to fail on iOS 11 but iOS 10 it works. Removing the certificate and it all works fine with our App.

Most of the clients are using Verisign Certificates.

I am attaching a self contained test.

1. Install certificate on the IPhone 

https://www.symantec.com/theme/roots - VeriSign Class 3 Primary CA - G5
https://www.symantec.com/content/dam/symantec/docs/other-resources/verisign-class-3-public-primary-certification-authority-g5-en.pem


2. Run App you will see it give an exception.
3. Delete certificate and re run the app and the press the Go button and it will show Success.
Comment 1 David Lilley 2017-10-04 14:52:26 UTC
perhaps duplicate of HttpWebRequest Bug 58411 - System.Security.Cryptography.CryptographicException: Store root doesn't exist
https://bugzilla.xamarin.com/show_bug.cgi?id=58411 ?
Comment 2 David Lilley 2017-10-04 14:59:34 UTC
the Stact trace


System.Net.WebException: Error: TrustFailure (CertificateUnknown) ---> Mono.Security.Interface.TlsException: CertificateUnknown
  at Mono.AppleTls.AppleTlsContext.EvaluateTrust () [0x000a5] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:268 
  at Mono.AppleTls.AppleTlsContext.RequirePeerTrust () [0x00008] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:217 
  at Mono.AppleTls.AppleTlsContext.ProcessHandshake () [0x00046] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:193 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:594 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:272 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:218 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x0003c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:204 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation (Mono.Net.Security.AsyncOperation operation) [0x00024] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:189 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00057] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:216 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:151 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x0006c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:218 
  at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:126 
  at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MonoSslStreamWrapper.cs:75 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:116 
  at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/WebConnection.cs:412 
   --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetRequestStream (System.IAsyncResult asyncResult) [0x0003c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:902 
  at System.Net.HttpWebRequest.GetRequestStream () [0x0004e] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:918 
  at TestSSL.ViewController.DoRequest () [0x0001f] in /Users/davidlilley/Projects/TestClientCertProblem/TestSSL/ViewController.cs:40
Comment 3 Vincent Dondain [MSFT] 2017-10-04 15:16:30 UTC
Yes that looks like a duplicate of #58411

*** This bug has been marked as a duplicate of bug 58411 ***

Note You need to log in before you can comment on or make changes to this bug.