0 votes
by (790 points)

We are using Rebex HTTPS R5.0 in a Xamarin for Android project, build using Visual Studio 2019 version 16.9.4, for devices running Android 10.

According to you platform support chart, we added the binaries from the netstandard2.0 folder to the project, same for the binaries of the Simple elliptic curve libraries.

Contacting the domain cdn.reservix.com with TLS 1.3, we get an error validating the certificate with the following ValidationStatus:

IncompleteChain | OfflineRev | UnknownRev

Behind that there is an error in the Handle of the CertificateChain of the SslCertificateValidationEventArgs in the ValidatingCertificate event handler:

Unable to cast object of type "Mono.Debugger.Soft.PointerValue" to type "Mono.Debugger.Soft.PrimitiveValue".

Updating to the .NET Standard 2.1 version did not change anything.

What can we do here?

Applies to: Rebex HTTPS

1 Answer

0 votes
by (147k points)
selected by
Best answer

By default, Rebex components on Xamarin.Android use .NET's X509Chain class to validate certificates, which currently uses its own certificate stores, which usually does not work properly.

Please add reference to Rebex.Common.Native.dll and enable NativeCertificteEngine, as described in the following KB article:
HOWTO: HOWTO: Validating X.509 certificates on Xamarin.Android and Xamarin.iOS

by (790 points)
Thank you, that works!
by (200 points)
Hi Lukas,
For me, e.CertificateChain.Validate returns FALSE with the status 'NotTrusted' even after using CertificateEngine.SetCurrentEngine(new NativeCertificateEngine()).

I tried using a few options as well, but the result was the same.

e.CertificateChain.Validate(e.ServerName, ValidationOptions.SkipRevocationCheck | ValidationOptions.IgnoreTimeNotValid | ValidationOptions.IgnoreCnNotMatch)

Any suggestions from your side?

by (147k points)
- On Xamarin platforms, only validation of certificates with RSA keys is supported.
- When using a custom CA, its certificate has to be added to list of trusted CAs of the device.
- The Validate method returns an instance of ValidationResult (https://www.rebex.net/doc/api/Rebex.Security.Certificates.ValidationResult.html). To find out why it returned FALSE, see the contents of Status property.