From ac9e222cd99a3ba55a3232598bd53bd3c397f03f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20K=C3=B6plinger?=
Date: Wed, 14 Dec 2016 21:33:24 +0100
Subject: [system] Remove port number from TLS Server Name Identification (SNI). Fixes #46549 (#4120) (#4145) The port number should not be included along the host name. Otherwise the server will refuse the connection (and we'll throw). This is a problem when servers are not using the default (443) SSL/TLS port. ref: https://bugzilla.xamarin.com/show_bug.cgi?id=46549 The BTLS provider was fixed but the old MonoTLS (managed) provider had the same issue. Another PR will be made to fix AppleTLS in xamarin-macios repo [2] [1] https://github.com/mono/mono/pull/3939 [2] https://bugzilla.xamarin.com/show_bug.cgi?id=45994 (cherry picked from commit faf2a56710b105f668bab8b71565d66297e1e340)
---
 mcs/class/System/Mono.Net.Security/MonoTlsStream.cs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs b/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
index 79e4fbf6845..2a412482527 100644
--- a/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
+++ b/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs
@@ -96,8 +96,15 @@ namespace Mono.Net.Security
 sslStream = provider.CreateSslStream (networkStream, false, settings);
 try {
+ var host = request.Host;
+ if (!string.IsNullOrEmpty (host)) {
+ var pos = host.IndexOf (':');
+ if (pos > 0)
+ host = host.Substring (0, pos);
+ }
+
 sslStream.AuthenticateAsClient (
- request.Host, request.ClientCertificates,
+ host, request.ClientCertificates,
 (SslProtocols)ServicePointManager.SecurityProtocol,
 ServicePointManager.CheckCertificateRevocationList);
-- 
cgit v1.2.3
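Review bot: `host.IndexOf (':')` in the added block cuts at the first colon, so a bracketed IPv6 authority such as `[::1]:8443` (a constructed example) would be reduced to `[` instead of `[::1]`. That string is passed to `AuthenticateAsClient` as the target host, which is the name sent in SNI and the name the server certificate is matched against, so connections to IPv6 literals on non-default ports would presumably fail. Stripping only a trailing port avoids this: `var pos = host.LastIndexOf (':');` followed by `if (pos > 0 && host.IndexOf (']', pos) < 0)`. A one-line comment such as `// targetHost must be a bare host name: strip a trailing ":port", keep IPv6 brackets intact` would record the intent, and it is worth confirming that `request.Host` cannot carry a caller-set Host header that differs from the address actually connected to. The enclosing method and its `try` block continue outside the hunk.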