Bug 12106 - SSL Exception when connection google-based API
Summary: SSL Exception when connection google-based API
Status: RESOLVED NORESPONSE
Alias: None
Product: Android
Classification: Xamarin
Component: General ()
Version: 4.6.x
Hardware: PC Mac OS
: High normal
Target Milestone: ---
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2013-05-06 02:08 UTC by Prashant Cholachagudda
Modified: 2017-07-05 17:41 UTC (History)
8 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED NORESPONSE

Description Prashant Cholachagudda 2013-05-06 02:08:31 UTC
SSL Exception when connecting Google based API seen at 59:30
http://youtu.be/He6QvnLsPUA?t=59m30s

Sample code: https://github.com/slodge/NPlus1DaysOfMvvmCross/tree/master/N-06-Books
Comment 2 Prashant Cholachagudda 2013-05-06 05:07:03 UTC
Stack trace from Stuart:


Exception:

System.Security.Cryptography.CryptographicException: Store Root doesn't
exists.
Exception:

System.Security.Cryptography.CryptographicException: Store Root doesn't
exists.
Exception:

System.Security.Cryptography.CryptographicException: Store CA doesn't
exists.

Exception:

System.IO.IOException: The authentication or decryption has failed.
Exception:

System.IO.IOException: The authentication or decryption has failed.
Exception:

System.Net.WebException: Error getting response stream (Write: The
authentication or decryption has failed.): SendFailure
Exception:

System.Net.WebException: Error writing request: The authentication or
decryption has failed.



with some stacktrace:

$exception
{Mono.Security.Protocol.Tls.TlsException: The server stopped the handshake.
at Mono.Security.Protocol.Tls.SslClientStream.SafeReceiveRecord
(System.IO.Stream s, Boolean ignoreEmpty) [0x00000] in <filename unknown>:0
at
Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 }
base: {System.Exception}
Alert: {Mono.Security.Protocol.Tls.Alert}
$exception.StackTrace
" at Mono.Security.Protocol.Tls.SslClientStream.SafeReceiveRecord
(System.IO.Stream s, Boolean ignoreEmpty) [0x00000] in <filename unknown>:0
\n at
Mono.Security.Protocol.Tls.SslClientStream.OnNegotiateHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 \n at
Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback
(IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 "


As I've said this is intermittent - and is normally resolved by restarting
the app (but a user would see this as a crash)
Comment 3 Prashant Cholachagudda 2013-05-06 05:15:23 UTC
More information:

0xCC in
System.Security.Cryptography.X509Certificates.X509Store.Open C#
0x1F in
System.Security.Cryptography.X509Certificates.X509Chain.get_UserRootStore
C#
0x26 in
System.Security.Cryptography.X509Certificates.X509Chain.get_Roots C#
0x28 in
System.Security.Cryptography.X509Certificates.X509Chain.get_CertificateCollection
C#
0x1 in
System.Security.Cryptography.X509Certificates.X509Chain.FindParent C#
0x13 in
System.Security.Cryptography.X509Certificates.X509Chain.BuildChainFrom C#
0x19 in
System.Security.Cryptography.X509Certificates.X509Chain.Build C#
0xA9 in
System.Net.ServicePointManager.ChainValidationHelper.ValidateChain C#
0xF in
Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation2
C#
0x2 in
Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation2
C#
0x2 in
Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation2
C#
0x26 in
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
C#
0x5B in
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
C#
0x38 in
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process C#
0x3A in
Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage
C#
0x12A in
Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback
C#

I believe I got this by calling static maps urls like:

private const string Template =
@"https://maps.googleapis.com/maps/api/staticmap?center={0},{1}&zoom=12&size={2}&sensor=false&key={3}&markers=color:blue%7Clabel:M%7C{0},{1}";
Comment 4 Miguel de Icaza [MSFT] 2013-05-22 14:37:48 UTC
The key error message seems to be "Store Root Does Not Exist"

Sebastien, does this ring a bell?
Comment 5 Sebastien Pouliot 2013-05-22 15:32:35 UTC
How are the exception caught ? Store exception are "normal", when they don't exists, and the code adjust itself [1].

> As I've said this is intermittent - and is normally resolved by restarting
> the app (but a user would see this as a crash)

But that cannot cause intermittent errors. A store exists (or not) and a chain can be build (or not).


[1] That does not affect iOS. As discussed a few months ago (with jonp) Android uses it's own code to validate the certificate (it's delegated to the OS) but it needs to order them correctly - so it still use X509Chain (which is why those exceptions can be seen).
Comment 6 Pavel 2013-12-02 05:37:51 UTC
I have same exception when i use Azure Mobile Services.

System.Security.Cryptography.CryptographicException: Store Root doesn't
exists.
Exception:

System.Security.Cryptography.CryptographicException: Store CA doesn't
exists.

If this exception raised in fragment's OnCreate event app crashes completely.

Some projects raise it, some projects don't. It's complete random.
This exception does not prevent data picking.
Comment 7 Jonathan Pryor 2013-12-12 15:42:39 UTC
How do I reproduce this issue?

The original report mentions sample code, which is handy...but how do I trigger the error? What do I need to do within the app to trigger the crash? Does it crash on all devices, or just certain devices?

The YouTube video at 59:30 doesn't immediately help me; it's _looks_ like he just launches the app, types something, and it crashes.

When I try the same thing with a Xamarin.Android app, it launches, I type "MonoTouch", and it proceeds to _not_ crash, and gives me results.
Comment 8 Jonathan Pryor 2013-12-12 15:53:05 UTC
To elaborate on Comment #5...

The IDE's have the ability to control which exceptions it will automatically break on, e.g. Xamarin Studio's Run > Exceptions... dialog, and Visual Studio's Debug > Exceptions... dialog.

It is thus possible to "break on all thrown exceptions", _even when_ they are handled/caught.

Consequently, if we assume:

1. A class library which internally generates AND HANDLES exceptions
2. An IDE configured to break on all throws

Then when debugging any app using (1) the debugger will break, _apparently_ on an erroneous condition, but it's NOT an error.
Comment 9 Michal Dobrodenka 2014-01-28 05:50:29 UTC
I'm getting this exception on 4.12 (not 4.10.1), ONLY when in release mode.

On this line when connecting to https:
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
...
Comment 10 Jonathan Pryor 2014-01-28 11:28:42 UTC
@Michal: The issue you mention in Comment #9 is Bug #17397.
Comment 11 Chris Hardy [MSFT] 2017-07-05 17:41:42 UTC
Because we have not received a reply to our request for more information we are closing this issue. If you are still encountering this issue, please reopen the ticket with the requested information. Thanks!