HTTPS Xamarin iOS support for clientcertificates?

0 votes
asked Feb 22, 2019 by gtseg (160 points)
edited Feb 22, 2019 by Lukas Matyska

We would like to use your HTTPS library in our Xamarin project, but it doesn't appear to attatch client certificates to requests. This is a known issue for other projects as the version of .Net used in Xamarin doesn't support it, but as your libraries list support for Xamarin, we thought to ask. Using the latest Xamarin, in iOS 12.1, on an iOS 12 phone, the following code (either with the call back or without, not that the callback is called...) doesn't send the certificate.

HttpRequestCreator request = new HttpRequestCreator();
request.Settings.SslAcceptAllCertificates = true;
request.Settings.SslClientCertificateRequestHandler = new CertRequestHandler(); ;
var fullrequest = request.Create(uriEndPoint);
var response = fullrequest.GetResponse();
Stream receiveStream = response.GetResponseStream();
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);                            
string resultString = readStream.ReadToEnd();


1 Answer

+1 vote
answered Feb 22, 2019 by Lukas Matyska (59,010 points)
selected Feb 25, 2019 by gtseg
Best answer

The client certificates are supported for Xamarin.

However, please note that the client certificate has to meet couple of requirements:

  1. It must be time valid: cert.IsTimeValid().
  2. It must have private key: cert.HasPrivateKey().
  3. It must be issued for client authentication: cert.GetEnhancedUsage() is either null or contains ExtendedUsageOids.ClientAuthentication or contains ExtendedUsageOids.AnyPurpose.
  4. Issuer of the client certificate has to match issuer(s) requested by the server.

The first 3 checks can be validated on the client certificate directly. The last check can be validated by the ICertificateRequestHandler.Request() method (your CertRequestHandler class), which contains array of DistinguishedName requested by the server.

Please ensure that the client certificate you used (UserData.Cert) meets all requirements above.