[M4A] Clear RemoteCertificateChainErrors if Android validates the chain.

[mono.git] / mcs / class / System / System.Net / ServicePointManager.cs

diff --git a/mcs/class/System/System.Net/ServicePointManager.cs b/mcs/class/System/System.Net/ServicePointManager.cs
index 951389772dfd98d64db0fc519bbc58d775bea8f9..0004076e0d405eb6c96be5d60e5c8ffa5080a97f 100644 (file)
--- a/mcs/class/System/System.Net/ServicePointManager.cs
+++ b/mcs/class/System/System.Net/ServicePointManager.cs
@@ -510,6 +510,13 @@ namespace System.Net
 
 #if MONODROID
                                result = AndroidPlatform.TrustEvaluateSsl (certs, sender, leaf, chain, errors);
+                               if (result) {
+                                       // chain.Build() + GetErrorsFromChain() (above) will ALWAYS fail on
+                                       // Android (there are no mozroots or preinstalled root certificates),
+                                       // thus `errors` will ALWAYS have RemoteCertificateChainErrors.
+                                       // Android just verified the chain; clear RemoteCertificateChainErrors.
+                                       errors  &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+                               }
 #endif
 
                                if (policy != null && (!(policy is DefaultCertificatePolicy) || cb == null)) {