return chain;
}
- public static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+ static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
{
#if MOBILE
- return true;
+ return false;
#else
if (is_macosx)
- return true;
+ return false;
var leaf = (X509Certificate2)certs [0];
static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPolicyErrors errors, ref int status11)
{
#if !MONOTOUCH
- var leaf = (X509Certificate2)certs[0];
+ var leaf = certs[0] as X509Certificate2;
+ if (leaf == null)
+ leaf = new X509Certificate2 (certs[0]);
// for OSX and iOS we're using the native API to check for the SSL server policy and host names
if (!is_macosx) {
if (!CheckCertificateUsage (leaf)) {
return false;
}
- if (host != null && !CheckServerIdentity (leaf, host)) {
+ if (!string.IsNullOrEmpty (host) && !CheckServerIdentity (leaf, host)) {
errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F
return false;
static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
{
var leaf = certs [0];
- var result = false;
+ bool result;
#if MONODROID
result = AndroidPlatform.TrustEvaluateSsl (certs);
result = (trustResult == OSX509Certificates.SecTrustResult.Proceed ||
trustResult == OSX509Certificates.SecTrustResult.Unspecified);
} catch {
+ result = false;
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
// Ignore
}
status11 = (int)trustResult;
errors |= SslPolicyErrors.RemoteCertificateChainErrors;
}
+ } else {
+ result = BuildX509Chain (certs, chain, ref errors, ref status11);
}
#endif
#if MOBILE
return false;
#else
+ if (!is_macosx)
+ return true;
if (!CertificateValidationHelper.SupportsX509Chain)
return false;
if (settings != null)