#if MONODROID
result = AndroidPlatform.TrustEvaluateSsl (certs, sender, leaf, chain, errors);
+ if (result) {
+ // chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
+ // Android (there are no mozroots or preinstalled root certificates),
+ // thus `errors` will ALWAYS have RemoteCertificateChainErrors.
+ // Android just verified the chain; clear RemoteCertificateChainErrors.
+ errors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+ }
#endif
if (policy != null && (!(policy is DefaultCertificatePolicy) || cb == null)) {