Bug 7539 - ERROR building certificate chain: Unsupported hash algorithm
Summary: ERROR building certificate chain: Unsupported hash algorithm
Status: RESOLVED FIXED
Alias: None
Product: Android
Classification: Xamarin
Component: BCL Class Libraries ()
Version: 4.2.x
Hardware: PC Windows
: Normal normal
Target Milestone: ---
Assignee: Bugzilla
URL:
: 8715 ()
Depends on:
Blocks:
 
Reported: 2012-09-28 14:47 UTC by Matt Hackman
Modified: 2017-06-28 19:56 UTC (History)
6 users (show)

Tags: bb clb
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Matt Hackman 2012-09-28 14:47:14 UTC
Hello support,

I've come across a bug in the latest 4.2.6 concerning an SSL web request.  I use the below code to import a certificate collection and add it to my https web request:

try {
X509Certificate2Collection certCollection = new X509Certificate2Collection();
                certCollection.Import(pathToCertificate, string.Empty, X509KeyStorageFlags.UserKeySet);

                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
                request.ClientCertificates.AddRange(certCollection);
                request.KeepAlive = true;
                request.Timeout = timeout;
                if (localAddress != null)
                    request.ServicePoint.BindIPEndPointDelegate = delegate(ServicePoint sp, IPEndPoint ep, int x) { return new IPEndPoint(localAddress, 0); };
                if (acceptAllCerts)
                {
                    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
                    ServicePointManager.Expect100Continue = true;
                    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(AcceptAllCertifications);
                }
                HttpWebResponse response = (HttpWebResponse)request.GetResponse();
}
catch(Exception ex) {
Log.Error(ex.Message, ex.StackTrace);
}

For testing purposes, my server certificate validation callback accepts all certs regardless.  I receive the following exception in my log file:

I/mono-stderr( 4636): ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
I/mono-stderr( 4636):   at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   --- End of inner exception stack trace ---
I/mono-stderr( 4636):   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636):   at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in <filename unknown>:0 
I/mono-stderr( 4636): Please, report this problem to the Mono team

However, this same code works flawlessly in the 4.0.4 version of the Mono for Android libraries.  My request is certified and I receive a valid response from the URL.  I am not sure if this code worked in any of the versions between 4.0.4 and 4.2.6 but I have confirmed that reverting to 4.0.4 does indeed fix this problem.

If I can assist in pinpointing which version this problem first occurred in please let me know. I would just need installers for the earlier versions.  I'm just hoping for a fix to take advantage of the latest version.

Thank you very much for a great product!

Matt Hackman
Software Engineer
Comment 1 Klaas Troost 2012-12-02 11:00:27 UTC
*** Bug 8715 has been marked as a duplicate of this bug. ***
Comment 2 Andres 2013-06-20 22:25:51 UTC
I'm having the same issue at the latest version of Xamarin.Android. It's an internal exception so the APP keeps working but it's annoying

ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in <filename unknown>:0 
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
  at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in <filename unknown>:0 
Please, report this problem to the Mono team

=== Xamarin Studio ===

Version 4.0.8 (build 2)
Installation UUID: 0a6a9fc9-f095-4eaf-8828-7b71d443b756
Runtime:
	Microsoft .NET 4.0.30319.18047
	GTK 2.24.13
	GTK# (2.12.0.0)

=== Xamarin.Android ===

Version: 4.6.8 (Trial Edition)
Android SDK: C:\Users\User\AppData\Local\Android\android-sdk
	Supported Android versions:
		2.1   (API level 7)
		2.2   (API level 8)
		2.3   (API level 10)
		3.1   (API level 12)
		4.0   (API level 14)
		4.0.3 (API level 15)
		4.1   (API level 16)
		4.2   (API level 17)
Java SDK: C:\Program Files (x86)\Java\jdk1.6.0_31

=== Build Information ===

Release ID: 400080002
0a09117dec1aed78c735ac46f7a50ae7d12f7a7a
Build date: 2013-05-16 17:54:42Z
Xamarin addins: 78d0437c3f92ae13042f81e5fd9487e2c28d5fbc

=== Operating System ===

Windows 6.1.7601.65536 (64-bit)
Comment 3 Tim 2015-03-06 09:18:42 UTC
I have also experienced this issue. It started, I believe, when utilizing a new startSSL certificate on my webdav server. I am running KeePass in Mono. It runs in a script so this MAY have been having this error for some time and I just didn't notice.

I am running mono on Fedora 19.

ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.11
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in <filename unknown>:0 
  at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0 
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
  at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in <filename unknown>:0 
Please, report this problem to the Mono team
Comment 4 Cody Beyer (MSFT) 2017-06-28 19:56:32 UTC
Thank you for taking the time to submit this report. After reviewing the description of this bug, we believe it no longer affects the current version of Xamarin.Android. If you are still experiencing the issue after updating your packages, please reopen this report with an attached reproduction.