HTTPS Xamarin iOS support for clientcertificates?

Question

Hi,
We would like to use your HTTPS library in our Xamarin project, but it doesn't appear to attatch client certificates to requests. This is a known issue for other projects as the version of .Net used in Xamarin doesn't support it, but as your libraries list support for Xamarin, we thought to ask. Using the latest Xamarin, in iOS 12.1, on an iOS 12 phone, the following code (either with the call back or without, not that the callback is called...) doesn't send the certificate.

HttpRequestCreator request = new HttpRequestCreator();
request.Settings.SslAcceptAllCertificates = true;
request.Settings.SslClientCertificateRequestHandler = new CertRequestHandler(); ;
var fullrequest = request.Create(uriEndPoint);
fullrequest.ClientCertificates.Add(UserData.Cert);
var response = fullrequest.GetResponse();
Stream receiveStream = response.GetResponseStream();
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);                            
string resultString = readStream.ReadToEnd();

Thanks!

Answer 1

The client certificates are supported for Xamarin.

However, please note that the client certificate has to meet couple of requirements:

1. It must be time valid: cert.IsTimeValid().
2. It must have private key: cert.HasPrivateKey().
3. It must be issued for client authentication: cert.GetEnhancedUsage() is either null or contains ExtendedUsageOids.ClientAuthentication or contains ExtendedUsageOids.AnyPurpose.
4. Issuer of the client certificate has to match issuer(s) requested by the server.

The first 3 checks can be validated on the client certificate directly. The last check can be validated by the ICertificateRequestHandler.Request() method (your CertRequestHandler class), which contains array of DistinguishedName requested by the server.

Please ensure that the client certificate you used (UserData.Cert) meets all requirements above.