[System]: Fix SystemCertificateValidator.EvaluateSystem() on Android. Fixes #41290.mono-4.4.2.8

After the latest code changes, we may land here with `errors == SslPolicyErrors.None`,
so we need to make sure that we actually set it to `RemoteCertificateChainErrors` if
the system validator returns an error.

1 files changed, 19 insertions, 7 deletions

diff --git a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
index 92832c40d98..ee854ee0bca 100644
--- a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
+++ b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
@@ -144,13 +144,25 @@ namespace Mono.Net.Security
 			bool result;
 
 #if MONODROID
-			result = AndroidPlatform.TrustEvaluateSsl (certs);
-			if (result) {
-				// chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
-				// Android (there are no mozroots or preinstalled root certificates),
-				// thus `errors` will ALWAYS have RemoteCertificateChainErrors.
-				// Android just verified the chain; clear RemoteCertificateChainErrors.
-				errors  &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+			try {
+				result = AndroidPlatform.TrustEvaluateSsl (certs);
+				if (result) {
+					// FIXME: check whether this is still correct.
+					//
+					// chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
+					// Android (there are no mozroots or preinstalled root certificates),
+					// thus `errors` will ALWAYS have RemoteCertificateChainErrors.
+					// Android just verified the chain; clear RemoteCertificateChainErrors.
+					errors  &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+				} else {
+					errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+					status11 = unchecked((int)0x800B010B);
+				}
+			} catch {
+				result = false;
+				errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+				status11 = unchecked((int)0x800B010B);
+				// Ignore
 			}
 #else
 			if (is_macosx) {