Notice (2018-05-24): bugzilla.xamarin.com is now in
Please join us on
Visual Studio Developer Community and in the
Mono organizations on
GitHub to continue tracking issues. Bugzilla will remain
available for reference in read-only mode. We will continue to work
on open Bugzilla bugs, copy them to the new locations
as needed for follow-up, and add the new items under Related
Our sincere thanks to everyone who has contributed on this bug
tracker over the years. Thanks also for your understanding as we
make these adjustments and improvements for the future.
Please create a new report on
Developer Community or GitHub with
your current version information, steps to reproduce, and relevant error
messages or log files if you are hitting an issue that looks similar to
this resolved bug and you do not yet see a matching new report.
Bug in Xamarin.IOS SSLStream
Description of Problem:
In SSLStream constructor one can provide a RemoteCertificateValidationCallback. This callback
has a X509Certificate as its third parameter.
Since the intruduction of Apple TLS this parameter can no longer be casted to ha X509Certificate2.
This is a big issue since in the validation callback I need to check the thumbprint of the certificate to make sure it is correct. I can no longer do that.
IF in project settings I set the SSL/TLS implementation to Mono (TLS 1.0) then it works again.
Steps to reproduce the problem:
1. Set SSL/TLS implementation to Apple TLS
2. Create new SSLStream from a tcp-stream.
3. Provide a RemoteCertificateValidationCallback delegate
certificate is a X509Certificate certificate in RemoteCertificateValidationCallback
certificate is a X509Certificate2 certificate in RemoteCertificateValidationCallback
How often does this happen?
Please include all version informations and a test case if possible that demonstrates your issue.
The easiest way to get exact version information is to use the
"Xamarin Studio" menu, "About Xamarin Studio" item, "Show Details"
button and copy/paste the version informations (you can use the
"Copy Information" button).
Xamarin Studio Community
Version 6.0 (build 5174)
Installation UUID: 6ad335c5-270d-4a92-9e12-015e92f249de
Mono 4.4.0 (mono-4.4.0-branch-c7-baseline/5995f74) (64-bit)
GTK+ 2.24.23 (Raleigh theme)
Package version: 404000182
Location: /Applications/Xamarin Profiler.app/Contents/MacOS/Xamarin Profiler
Version: 126.96.36.199 (Xamarin Studio Community)
Android SDK: /Users/johannorberg/Library/Developer/Xamarin/android-sdk-macosx
Supported Android versions:
2.3 (API level 10)
4.0.3 (API level 15)
4.1 (API level 16)
4.4 (API level 19)
5.1 (API level 22)
6.0 (API level 23)
SDK Tools Version: 24.4.1
SDK Platform Tools Version: 23.1
SDK Build Tools Version: 23.0.2
Java SDK: /usr
java version "1.8.0_31"
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode)
Android Designer EPL code available here:
Xamarin Android Player
Apple Developer Tools
Xcode 7.3.1 (10188.1)
Version: 188.8.131.523 (Xamarin Studio Community)
Build date: 2016-06-01 21:23:15-0400
Release ID: 600005174
Git revision: 694a75f040b7f2309bc43d4f78a3a6572ca898bf
Build date: 2016-06-01 17:28:08-04
Xamarin addins: 33f406fa2dcf214012c78cb846585f062b2e1d24
Build lane: monodevelop-lion-cycle7-baseline
Mac OS X 10.11.4
Darwin Johans-MBP-2.mydomain.example 15.4.0 Darwin Kernel Version 15.4.0
Fri Feb 26 22:08:05 PST 2016
@Johan you cannot assume a specific subclass will be provided by the delegate callback when it's called.
The .NET API  contract only guarantee a `X509Certificate`. The exact type is an implementation details and can change over time as we modify our implementation(s), like it just happened for AppleTLS support.
If you need an `X509Certificate2` instance then you must do the work yourself, e.g.
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
// quick check to see if we're provided with what we need
X509Certificate2 x2 = (certificate as X509Certificate2);
// if we're not then we must create the instance of the type we need
if (x2 == null)
x2 = new X509Certificate2 (certificate.GetRawData ());
Ok great, not a bug then, just a difference in the implementation. Thank you.