Bug 59960 - HttpWebRequest & Installed Cert does not work on iOS 11
Status: RESOLVED DUPLICATE of bug 58411
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll
Version: XI 10.99 (xcode9)
Hardware: Macintosh Mac OS
Importance: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
Reported: 2017-10-04 14:49 UTC by David Lilley
Modified: 2017-10-05 12:12 UTC


Attachments
ContainedApp (14.06 KB, application/zip)
2017-10-04 14:49 UTC, David Lilley



Description David Lilley 2017-10-04 14:49:20 UTC
Created attachment 25100
ContainedApp

Some of our clients are installing Enterprise certificates (nothing to do with our app) and it's causing HttpWebRequest to fail when visiting https://fints.bankingonline.de/fints/ on iOS 11, but on iOS 10 it works. After removing the certificate, it all works fine with our app.

Most of the clients are using Verisign Certificates.

I am attaching a self contained test.

1. Install the certificate on the iPhone

https://www.symantec.com/theme/roots - VeriSign Class 3 Primary CA - G5
https://www.symantec.com/content/dam/symantec/docs/other-resources/verisign-class-3-public-primary-certification-authority-g5-en.pem


2. Run the app; you will see it give an exception.
3. Delete the certificate, re-run the app and then press the Go button, and it will show Success.

Comment 1 David Lilley 2017-10-04 14:52:26 UTC
Perhaps a duplicate of HttpWebRequest Bug 58411 - System.Security.Cryptography.CryptographicException: Store root doesn't exist
https://bugzilla.xamarin.com/show_bug.cgi?id=58411 ?

Comment 2 David Lilley 2017-10-04 14:59:34 UTC
The stack trace:


System.Net.WebException: Error: TrustFailure (CertificateUnknown) ---> Mono.Security.Interface.TlsException: CertificateUnknown
  at Mono.AppleTls.AppleTlsContext.EvaluateTrust () [0x000a5] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:268 
  at Mono.AppleTls.AppleTlsContext.RequirePeerTrust () [0x00008] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:217 
  at Mono.AppleTls.AppleTlsContext.ProcessHandshake () [0x00046] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:193 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncProtocolRequest asyncRequest, Mono.Net.Security.AsyncOperationStatus status) [0x0002a] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:594 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (Mono.Net.Security.AsyncOperationStatus status) [0x0006b] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:272 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation () [0x0000d] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:218 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation () [0x0003c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:204 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation (Mono.Net.Security.AsyncOperation operation) [0x00024] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:189 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x00057] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:216 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/referencesource/mscorlib/system/runtime/exceptionservices/exceptionservicescommon.cs:151 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Net.LazyAsyncResult lazyResult) [0x0006c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:218 
  at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:126 
  at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MonoSslStreamWrapper.cs:75 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x0007b] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:116 
  at System.Net.WebConnection.CreateStream (System.Net.HttpWebRequest request) [0x00073] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/WebConnection.cs:412 
   --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetRequestStream (System.IAsyncResult asyncResult) [0x0003c] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:902 
  at System.Net.HttpWebRequest.GetRequestStream () [0x0004e] in /Library/Frameworks/Xamarin.iOS.framework/Versions/11.0.0.0/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:918 
  at TestSSL.ViewController.DoRequest () [0x0001f] in /Users/davidlilley/Projects/TestClientCertProblem/TestSSL/ViewController.cs:40
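
Added example (not part of the report or its ContainedApp attachment): a minimal C# diagnostic for a TrustFailure like the one in the stack trace above. It logs the policy errors and chain status the runtime reports for an HttpWebRequest and returns the verdict unchanged, so certificate validation is not weakened. The class name, method names and the command-line URL argument are assumptions for illustration; it is written as a console program, and in an app the callback and its registration line are the relevant part.

```csharp
// Added diagnostic example; names and the URL argument are hypothetical.
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TrustDiagnostics
{
    // Logs what the TLS stack decided and returns the platform verdict unchanged.
    // Returning true unconditionally here would disable certificate validation.
    static bool LogAndKeepVerdict(object sender, X509Certificate cert,
                                  X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (cert != null)
            Console.WriteLine("Leaf: " + cert.Subject + " (issuer: " + cert.Issuer + ")");
        if (chain != null) // defensive: do not assume a chain was built
        {
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("  chain: " + element.Certificate.Subject);
                foreach (X509ChainStatus s in element.ChainElementStatus)
                    Console.WriteLine("    " + s.Status + ": " + s.StatusInformation);
            }
        }
        return errors == SslPolicyErrors.None;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: TrustDiagnostics <https-url>");
            return 2;
        }
        ServicePointManager.ServerCertificateValidationCallback = LogAndKeepVerdict;
        try
        {
            var request = (HttpWebRequest)WebRequest.Create(args[0]);
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("Success: HTTP " + (int)response.StatusCode);
            return 0;
        }
        catch (WebException ex)
        {
            // WebExceptionStatus.TrustFailure is the status seen in the trace above.
            Console.WriteLine("Failed: " + ex.Status + " - " + ex.Message);
            return 1;
        }
    }
}
```

Comparing the logged chain with the extra certificate installed and with it removed shows which certificates the trust evaluation actually considered in each case.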

Comment 3 Vincent Dondain [MSFT] 2017-10-04 15:16:30 UTC
Yes, that looks like a duplicate of #58411

*** This bug has been marked as a duplicate of bug 58411 ***