author | Martin Baulig <martin.baulig@xamarin.com> | 2016-07-21 00:06:03 +0300 |
---|---|---|
committer | Martin Baulig <martin.baulig@xamarin.com> | 2016-07-22 20:41:14 +0300 |
commit | b4304354b149334e5ddd11c4c143aac64f46fe03 (patch) | |
tree | 357e8a38cd58fd27d16efdfb72cd256d22b689a5 | |
parent | 1a5263401e118886d5b8de0505172dc076d6bec3 (diff) |
[System]: Fix SystemCertificateValidator.EvaluateSystem() on Android. Fixes #41290.mono-4.4.2.8
After the latest code changes, we may land here with `errors == SslPolicyErrors.None`,
so we need to make sure that we actually set it to `RemoteCertificateChainErrors` if
the system validator returns an error.
-rw-r--r-- | mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
index 92832c40d98..ee854ee0bca 100644
--- a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
+++ b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
@@ -144,13 +144,25 @@ namespace Mono.Net.Security
 bool result;
 #if MONODROID
- result = AndroidPlatform.TrustEvaluateSsl (certs);
- if (result) {
- // chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
- // Android (there are no mozroots or preinstalled root certificates),
- // thus `errors` will ALWAYS have RemoteCertificateChainErrors.
- // Android just verified the chain; clear RemoteCertificateChainErrors.
- errors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+ try {
+ result = AndroidPlatform.TrustEvaluateSsl (certs);
+ if (result) {
+ // FIXME: check whether this is still correct.
+ //
+ // chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
+ // Android (there are no mozroots or preinstalled root certificates),
+ // thus `errors` will ALWAYS have RemoteCertificateChainErrors.
+ // Android just verified the chain; clear RemoteCertificateChainErrors.
+ errors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+ } else {
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+ status11 = unchecked((int)0x800B010B);
+ }
+ } catch {
+ result = false;
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+ status11 = unchecked((int)0x800B010B);
+ // Ignore
 }
 #else
 if (is_macosx) {
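Review bot: The bare `catch` in the MONODROID branch turns any exception from `AndroidPlatform.TrustEvaluateSsl` into a chain error without recording it, and its trailing `// Ignore` comment says the opposite of what the block does. Failing closed is the right outcome for a certificate validator, but a fault in the platform bridge then looks the same as an untrusted chain. I would replace the comment with `// Fail closed: any exception from the platform validator is treated as an untrusted chain.` and log the exception if the project has a facility for it. The same two failure assignments appear in both the `else` and the `catch`, and the magic value `0x800B010B` (TRUST_E_FAIL, as far as I can tell) deserves a trailing comment such as `// TRUST_E_FAIL`. The enclosing method starts and ends outside the hunk.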