Mono https webrequest fails with "The authentication or decryption has failed"

c# https mono webrequest

I had the same problem with Unity (which also uses mono) and this post helped me to solve it.

Just add the following line before making your request:

ServicePointManager.ServerCertificateValidationCallback = MyRemoteCertificateValidationCallback;

And this method:

public bool MyRemoteCertificateValidationCallback(System.Object sender,
    X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    bool isOk = true;
    // If there are errors in the certificate chain,
    // look at each error to determine the cause.
    if (sslPolicyErrors != SslPolicyErrors.None) {
        for (int i=0; i<chain.ChainStatus.Length; i++) {
            if (chain.ChainStatus[i].Status == X509ChainStatusFlags.RevocationStatusUnknown) {
                continue;
            }
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan (0, 1, 0);
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
            bool chainIsValid = chain.Build ((X509Certificate2)certificate);
            if (!chainIsValid) {
                isOk = false;
                break;
            }
        }
    }
    return isOk;
}

The .NET Framework on Windows uses the Windows Certificates store (mmc, Add/Remove Snap-Ins, Certificates) to determine whether to accept an SSL certificate from a remote site. Windows ships with a bunch of Root and Intermediate Certificate Authorities (CA) and they get updated periodically by Windows Update. As a result, your .NET code will generally trust a certificate provided it was issued by a CA or a descendant of a CA in the certificate store (most reputable commercial CA's are included).

In Mono, there is no Windows Certificate store. Mono has it's own store. By default, it is empty (there are no default CA's that are trusted). You need to manage the entries yourself.

Take a look here:

  • http://www.mono-project.com/FAQ:_Security
  • https://raw.github.com/mono/mono/master/mcs/class/Mono.Security/Test/tools/tlstest/tlstest.cs

The mozroots.exe point will cause your mono install to trust everything that Firefox trusts after a default install.

Related

Testing equality of three values
Beta version in Android play store. Where's the opt-in link for testers?
How to preserve identifierForVendor in ios after uninstalling ios app on device?
What is the difference between socket.send() and socket.sendall()?
How to recognize vehicle license / number plate (ANPR) from an image? [closed]
-bash: syntax error near unexpected token `newline'
Test if an argument of a function is set or not in R
warning: iPad: Icon-72.png: icon dimensions (0 x 0)
How to make a WPF window be on top of all other windows of my app (not system wide)?
Retrospectively add --recursive to a git repo
Migrate from Aperture to Photos: use Catalina or Mojave?
How to cancel an iCloud download on macOS X (Sierra)?