Bug 4001 - [iphone] Certificate works on safari, fails with Mono
Summary: [iphone] Certificate works on safari, fails with Mono
Status: RESOLVED FIXED
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll ()
Version: 4.x
Hardware: Other Other
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-03-20 22:35 UTC by Gonzalo Paniagua Javier
Modified: 2012-08-23 13:06 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Gonzalo Paniagua Javier 2012-03-20 22:35:54 UTC
From the monotouch mailing list:
"I’m having trouble with using Braintree Payments gateway because of an apparent invalid certificate returned from server. Everything works fine to their sandbox, but not to production, and they are 2 different issuers (and levels) of certificate:
 
https://sandbox.braintreegateway.com
https://www.braintreegateway.com
 
The iPhone itself seems to trust the www.braintreegateway.com one when I use Safari, but the Braintree C# API code is failing when I try it in MonoTouch. Works fine to the Sandbox one."

I offered the workaround to bypass certificatevalidation, but perhaps we should take a look at why this really fails.
Comment 1 Sebastien Pouliot 2012-03-23 10:11:12 UTC
I do not get an error while accessing both URL with WebClient. IOW this works on the both the iOS simulator and on devices (tested with iOS 5.1 which might have more recents certs that older devices).

		[Test]
		public void Safari_4001a ()
		{
			WebClient wc = new WebClient ();
			Assert.NotNull (wc.DownloadString ("https://sandbox.braintreegateway.com/"));
		}

		[Test]
		public void Safari_4001b ()
		{
			WebClient wc = new WebClient ();
			Assert.NotNull (wc.DownloadString ("https://www.braintreegateway.com"));
		}
Comment 2 Sebastien Pouliot 2012-08-23 10:56:20 UTC
Bug #5546 was hiding this failure.

This one was due to faulty bindings, the wrong SSL policy (non server) was used and this excluded some valid certificates with an error #5 (kSecTrustResultRecoverableTrustFailure).

Fixed in:
master: 684cd289cbc1cd88236688127c8a76a823d248b3
mono-2-10: 78320b91870f6ffae0c80b91dca57d7e3f1e375a
mobile-master: da82d6c9426a8a548d749957fc4af4a6c63011c5
monotouch-5.4-series: 1430bac24ecd9d3c20fb524c20720a67d2bac5a8

MonoTouch 5.4 will have this fix.
Comment 3 Sebastien Pouliot 2012-08-23 13:06:38 UTC
QA: unit tests added in mono touch/master