Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong exception HttpClient when SSL certificate is expired #7629

Closed
rgroenewoudt opened this issue Dec 10, 2022 · 0 comments · Fixed by #7661
Closed

Wrong exception HttpClient when SSL certificate is expired #7629

rgroenewoudt opened this issue Dec 10, 2022 · 0 comments · Fixed by #7661
Assignees
Labels
Area: App Runtime Issues in `libmonodroid.so`. needs-triage Issues that need to be assigned.

Comments

@rgroenewoudt
Copy link

Android application type

Android for .NET (net6.0-android, etc.)

Affected platform version

VS2022 17.4.2

Description

When doing a HTTP request with expired certificate, using HttpClient in .NET 7 Android app, the wrong exception type returned.
Expected: HttpRequestException. Returned: WebException.

Documentation of HttpClient.SendAsync indicates HttpRequestException or TaskCanceledException should be thrown.

Steps to Reproduce

var httpClient = new HttpClient();
try
{
	var request = new HttpRequestMessage(HttpMethod.Get, "https://expired.badssl.com/");
	var response = await httpClient.SendAsync(request);
}
catch(HttpRequestException ex)
{
	Console.WriteLine("SUCCESS HttpRequestMessage: " + ex);
}
catch(Exception ex)
{
	Console.WriteLine("FAIL " + ex);
}

in .NET 7 Android app using native HTTP handler.

No issues when using SocketsHttpHandler.

Expected behavior

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.

Actual behavior

System.Net.WebException: Unacceptable certificate: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
---> Javax.Net.Ssl.SSLHandshakeException: Unacceptable certificate: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

AndroidApp7.zip

It would be nice if the returned exception matches SocketHttpHandler by returning HttpRequestException with inner AuthenticationException and then Javax.Net.Ssl.SSLHandshakeException as inner.

Note that WebClient returns the same exception and that should keep working.

Did you find any workaround?

Simply use broader catch.

Relevant log output

No response

@rgroenewoudt rgroenewoudt added Area: App Runtime Issues in `libmonodroid.so`. needs-triage Issues that need to be assigned. labels Dec 10, 2022
grendello added a commit to grendello/xamarin-android that referenced this issue Jan 3, 2023
Fixes: dotnet#7629

Whenever a Java backend connection fails for any reason, we wrap the
thrown exception in `HttpRequestException` as described in the
`HttpClient.SendAsync` documentation.
jonpryor pushed a commit that referenced this issue Jan 28, 2023
)

Fixes: #7629

Whenever a Java backend connection fails for any reason, wrap the
thrown exception in `HttpRequestException` as described in the
[`HttpClient.SendAsync()` documentation][0].

[0]: https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclient.sendasync?view=net-7.0#system-net-http-httpclient-sendasync(system-net-http-httprequestmessage)
@ghost ghost locked as resolved and limited conversation to collaborators Feb 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Area: App Runtime Issues in `libmonodroid.so`. needs-triage Issues that need to be assigned.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants