System.NotSupportedException: cannot decode public key from unknown oid '1.2.840.10045.2.1' #71
Comments
Same issue here. Plugin does not support ECDSA, which is a big issue.
Let me see what I can do.
Having the same problem. But I worked around it by setting TLSConfig and SSL Pinning. Not sure why this works.
@alexrainman thank you!
Is this iOS only?
No, it's both.
Well, I am facing this issue too, so I have to fix it :)
I cannot reproduce this. I can get https://restcountries.eu/data/ala.svg without any issues as soon as I provide the public key in the TLSConfig.
You can get that server public key running this code in Android:

```csharp
using Square.OkHttp3;

var hostname = "restcountries.eu";
// Placeholder pin that cannot match: the request fails and the pinning
// exception message lists the hashes the server actually presented.
var certificatePinner = new Square.OkHttp3.CertificatePinner.Builder()
    .Add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
    .Build();
var client = new OkHttpClient.Builder()
    .CertificatePinner(certificatePinner)
    .Build();
var request = new Request.Builder()
    .Url("https://" + hostname)
    .Build();
var call = client.NewCall(request);
var response = await call.ExecuteAsync();
```

Then provide it in the TLSConfig:

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using ModernHttpClient;

readonly HttpClient client = new HttpClient(new NativeMessageHandler(false, new TLSConfig()
{
    Pins = new List<Pin>()
    {
        new Pin()
        {
            Hostname = "restcountries.eu",
            PublicKeys = new string[]
            {
                "sha256/wxgZ6Jx5WaNt5zAgUSDnLsK8E5uy+DUumAogHk4P7R8="
            }
        }
    },
    // Keep certificate validation on; pinning is checked in addition to it.
    DangerousAcceptAnyServerCertificateValidator = false
})
{
    DisableCaching = true,
    Timeout = new TimeSpan(0, 0, 9)
});
```
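An added example, not part of the thread or of the plugin: computing a `sha256/...` pin offline from a DER-encoded certificate, without decoding the key itself, so an ECDSA key (OID `1.2.840.10045.2.1`) is handled the same way as an RSA one. It assumes the pin is the base64 SHA-256 of the certificate's DER SubjectPublicKeyInfo, which is the format OkHttp documents; the function names are hypothetical and the sample certificate is a constructed skeleton with dummy key bytes.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, element_start, value_start, value_end) for each element in a SEQUENCE body."""
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        out.append((tag, start, vs, ve))
        start = ve
    return out

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                     # base-128 arcs, high bit set means more bytes follow
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def spki_pin(cert_der):
    """Return (key algorithm OID, 'sha256/<base64>' pin) for a DER-encoded certificate."""
    _, vs, ve = read_tlv(cert_der, 0)                  # Certificate SEQUENCE
    tbs = children(cert_der, vs, ve)[0]                # tbsCertificate
    fields = children(cert_der, tbs[2], tbs[3])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]    # index shifts when [0] version is absent
    alg = children(cert_der, spki[2], spki[3])[0]      # AlgorithmIdentifier
    oid = children(cert_der, alg[2], alg[3])[0]
    digest = hashlib.sha256(cert_der[spki[1]:spki[3]]).digest()  # hash covers the whole SPKI element
    return decode_oid(cert_der[oid[2]:oid[3]]), "sha256/" + base64.b64encode(digest).decode()

def der(tag, body):
    return bytes([tag, len(body)]) + body              # short-form length, enough for the sample

# Constructed sample: certificate-shaped skeleton with an EC SubjectPublicKeyInfo (dummy key bytes).
EC_ALG = der(0x30, bytes.fromhex("06072a8648ce3d0201") + bytes.fromhex("06082a8648ce3d030107"))
SAMPLE_SPKI = der(0x30, EC_ALG + der(0x03, b"\x00\x04" + bytes(range(64))))
EMPTY = der(0x30, b"")
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + EMPTY * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + EMPTY + der(0x03, b"\x00"))

if __name__ == "__main__":
    print(spki_pin(SAMPLE_CERT))
```

For a real server, pass the DER bytes of its leaf certificate (for a PEM file, `ssl.PEM_cert_to_DER_cert` from the standard library converts it) and compare the result with the pin configured in `TLSConfig`.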
It is universal. You get the public key using that trick in Android, then configure TLS for both platforms in your shared code. Also, I found where the library fails and this is not something I can fix unless I replace this piece of code:

```csharp
if (!chain.Build(root))
{
    errors = SslPolicyErrors.RemoteCertificateChainErrors;
    PinningFailureMessage = FailureMessages.ChainError;
    goto sslErrorVerify;
}
```

With something like this:

```csharp
var valid = chain.ChainElements.Cast<X509ChainElement>().All(x => x.Certificate.Thumbprint == root.Thumbprint);
if (!valid)
{
    errors = SslPolicyErrors.RemoteCertificateChainErrors;
    PinningFailureMessage = FailureMessages.ChainError;
    goto sslErrorVerify;
}
```

`chain.Build(root)` fails with ECDSA because it is not supported by Mono:
By the way, I have exactly the same use case where I need to share my single HttpClient instance with FFImageLoading, but I want to use native handlers to make it faster, so I may apply this fix and release a new version.
chain.Build(root) fails with ECDSA because it is not supported by Mono:
But why does the default HTTP client work well?
Because it doesn't use PublicKey at all.
As I said, use Android to get the server certificate public key, and once you have it, configure modernhttpclient with it for both platforms.
Hi, I have the same problem. Thank you so much.
Also ran into this issue.
Hi @alexrainman, can you estimate when there will be a fix for this in iOS?
Hi @alexrainman, we get this exception all the time, is there an update regarding this issue?
@alexrainman ??
I have been out for most of the year. Still recovering from surgery. But a new revamped version of the plugin will be out soon.
Glad you're on the mend!!
That's the plan. All my plugins will be out for .NET MAUI.
@alexrainman Hope you are feeling well!
Yes, XF will be released in a minor version while .NET MAUI will be a major release.
@alexrainman any update?
When I use modernhttpclient.nativemessagehandler and try to access this link: https://restcountries.eu/data/ala.svg I get the exception mentioned in the title of this issue. If I use httpclient without nativemessagehandler it is OK.