runtime: Unable to add a Certificate in ClientCertificates from HttpClientHandler/SocketsHttpHandler

Description

Hello, when I try to add a credential in ClientCredentials, it throws a NullReferenceException, although the code I wrote is quite simple:

    try
    {
        Stream stream = await FileSystem.OpenAppPackageFileAsync("d.cer");

        using MemoryStream s = new();
        stream.CopyTo(s);
        stream.Dispose();

        X509Certificate2 cert = new X509Certificate2(s.ToArray(), "PASSWORD");

        SocketsHttpHandler shh = new()
        {
            UseCookies = true,
            AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip,
            SslOptions =
            {
                EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12,
                LocalCertificateSelectionCallback = (a,b,c,d,e) => c[0],
                // Accepts any server certificate (validation is bypassed)
                RemoteCertificateValidationCallback = (a,b,c,d) => true,
            }
        };

        // The NullReferenceException is thrown on this line
        shh.SslOptions.ClientCertificates.Add(cert);

        HttpClient c = new(shh);

        var x = await c.GetAsync(new Uri("URL"));
        _ = 1;
    }
    catch (Exception e)
    {
        _ = e;
    }

It throws on the shh.SslOptions.ClientCertificates.Add(cert); line.

The certificate itself has a sha256 algorithm with its public key as RSA 2048 bits.

I also tried to use the network_security_config.xml from Android, and it crashed when I put in the CA and pin.

Steps to Reproduce

  1. Run the example that I wrote in the description
  2. Put it somewhere in the code, like a button
  3. Click it 🐞

Link to public reproduction project repository

https://github.com/taz4270/ExampleCert.App

Version with bug

7.0 (current)

Last version that worked well

Unknown/Other

Affected platforms

iOS, Android

Affected platform versions

Android 13, iOS 16

Did you find any workaround?

No response

Relevant log output

No response

About this issue

  • State: open
  • Created 2 years ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

What happened to the fix for this issue? MAUI dotnet 8 rc1 still does not allow ClientCertificates to be added to the HttpClientHandler. I would have thought supporting mutual TLS is a high priority for an SDK, especially the creation of mobile apps. Connecting to secure APIs and not being able to use mTLS and certificate pinning is a security concern.

@taz4270 You’re right. Unfortunately, the native handler currently doesn’t implement ClientCertificates (see https://github.com/xamarin/xamarin-android/issues/7274).

ClientCertificates is nullable, so dereferencing will throw as far as I can tell. https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.clientcertificates?view=net-7.0 You should create a collection like the sample in https://github.com/dotnet/runtime/issues/26708

Any additional thoughts, @simonrozsival?
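The collection-creation approach from the comment above about the nullable ClientCertificates property, as an added example (not code from the issue or from the .NET repositories). It assumes the managed SocketsHttpHandler is in use; the helper name CreateMutualTlsHandler and the in-memory self-signed certificate are constructed for illustration.

```csharp
using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed stand-in for the app's client certificate: a throwaway
// self-signed RSA 2048 / SHA-256 certificate created in memory.
using RSA key = RSA.Create(2048);
var request = new CertificateRequest(
    "CN=constructed-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 cert = request.CreateSelfSigned(
    DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));

SocketsHttpHandler handler = CreateMutualTlsHandler(cert);
using var client = new HttpClient(handler); // disposing the client disposes the handler

Console.WriteLine($"Client certificates configured: {handler.SslOptions.ClientCertificates!.Count}");

// Hypothetical helper: builds a handler that offers clientCert during the TLS handshake.
static SocketsHttpHandler CreateMutualTlsHandler(X509Certificate2 clientCert)
{
    // TLS client authentication signs part of the handshake, so a
    // certificate loaded without its private key cannot be used.
    if (!clientCert.HasPrivateKey)
        throw new ArgumentException("Client certificate has no private key.", nameof(clientCert));

    var handler = new SocketsHttpHandler();
    handler.SslOptions.EnabledSslProtocols = SslProtocols.Tls12;

    // SslOptions is created on first access, but its ClientCertificates
    // property is nullable and starts out null. Calling Add() on it
    // directly is what raises the NullReferenceException.
    handler.SslOptions.ClientCertificates ??= new X509CertificateCollection();
    handler.SslOptions.ClientCertificates.Add(clientCert);

    // No RemoteCertificateValidationCallback is set, so the server
    // certificate is still validated by the platform defaults.
    return handler;
}
```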