runtime: HttpClient with mutual TLS on macOS High Sierra - does not support client authentication (Libcurl/LibreSSL problems)

I have the following error in my netstandard2 class library:

The handler does not support client authentication certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20")

I installed the newest version of Curl with OpenSSL through Homebrew and:

which curl gives /usr/local/bin/, and curl --version gives curl 7.57.0 (x86_64-apple-darwin17.2.0) libcurl/7.57.0 OpenSSL/1.0.2n zlib/1.2.11.

This does not change the version of Curl being run through my class library.

I have now been reading and testing the possible solutions in dotnet/runtime#17723, dotnet/runtime#23640 and ended up with dotnet/runtime#21679 stating that custom certificate handling will be fixed in netcore 2.1. Do I have to wait till this fix propagates into netstandard?

Is my problem just related to me not being able to change the version of libcurl being executed, or do I have a dead end?

Pardon if the solution is obvious, I have tried for almost a day with outdated and more recent answers of the related posts.

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 18 (8 by maintainers)

Most upvoted comments

I’m glad it worked for you. this is not always intuitive.

+3
wfurt on Jun 22, 2018

do you actually target netcore2.1 in your project?

+1
wfurt on Jun 22, 2018

As mentioned above - this should be addressed in .NET Core 2.1 which by default uses SocketsHttpHandler. 2.1 is in RC with go-live license.

Closing

+1
karelz on May 17, 2018
Read more comments on GitHub
← runtime: HttpClient throws unexpected TaskCanceledException when HttpClient is reused
runtime: HttpClient.GetAsync() causes uncatchable CryptographicException on Linux in OpenSslX509ChainProcessor.MapVerifyErrorToChainStatus →