Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ServerCertificateCustomValidationCallback throws PlatformNotSupportedException in CentOS.7-x64 #20595

Closed
deepumi opened this issue Mar 13, 2017 · 6 comments

Comments

@deepumi
Copy link

@deepumi deepumi commented Mar 13, 2017

As @bartonjs suggested, I am creating a new issue for CentOS. #17723

When using ServerCertificateCustomValidationCallback in .Net Core 1.0.1 CentOS 7 64 bit Azure VM, I am getting the following error

System.PlatformNotSupportedException: The libcurl library in use (7.29.0) and its 
SSL backend ("NSS/3.19.1 Basic ECC") do not support custom handling of certificates. 
A libcurl built with OpenSSL is required.
 
 at System.Net.Http.CurlHandler.SslProvider.SetSslOptions(EasyRequest easy, ClientCertificateOption clientCertOption)
   at System.Net.Http.CurlHandler.EasyRequest.InitializeCurl()
   at System.Net.Http.CurlHandler.MultiAgent.ActivateNewRequest(EasyRequest easy)


End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()

--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at hwapp.Program.<MakeWebRequest>d__1.MoveNext()

Sample code

static void Main(string[] args)
{
   MakeWebRequest().GetAwaiter().GetResult();
   Console.WriteLine("Press any key to exit!");
   Console.ReadKey();
}

private static async Task MakeWebRequest()
{
   var handler = new HttpClientHandler()
   {
     AllowAutoRedirect = false,
     AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip 
   };
  
   handler.ServerCertificateCustomValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

  try
  {
     using (var client = new HttpClient(handler))
     {
        var result = await client.GetAsync("https://www.google.com");
	Console.WriteLine(result.StatusCode.ToString());
     }
  }
  catch (Exception exception)
  {
    Console.WriteLine(exception.ToString());
  }
}
@stephentoub
Copy link
Member

@stephentoub stephentoub commented Mar 13, 2017

The exception message describes the cause and the limitation and suggests the workaround:

The libcurl library in use (7.29.0) and its 
SSL backend ("NSS/3.19.1 Basic ECC") do not support custom handling of certificates. 
A libcurl built with OpenSSL is required.

Custom handling of certificates, e.g. ServerCertificateCustomValidationCallback, requires interaction with System.Security.Cryptography.X509Certificates, which is based on OpenSSL. Thus if libcurl is using a different SSL backend (in your case, NSS), this functionality won't work, because the certificate data won't be understood by the X509Certificates library. The workaround is to switch which libcurl you're using to one that uses OpenSSL.

@karelz
Copy link
Member

@karelz karelz commented Mar 13, 2017

Closing as by design - see answer above.

@karelz karelz closed this Mar 13, 2017
@deepumi
Copy link
Author

@deepumi deepumi commented Mar 13, 2017

@stephentoub Do you have any documentation to deal the switch part.

The workaround is to switch which libcurl you're using to one that uses OpenSSL.

@deepumi
Copy link
Author

@deepumi deepumi commented Mar 13, 2017

Similar issue with PowerShell dotnet/corefx#2511.

@karelz
Copy link
Member

@karelz karelz commented Mar 13, 2017

@Priya91 do you know if we have docs on that? If not, we should create issue to track adding it.

@deepumi
Copy link
Author

@deepumi deepumi commented Mar 16, 2017

@Priya91 @stephentoub @karelz Thank you all.

The issue has been resolved.

@msftgits msftgits transferred this issue from dotnet/corefx Jan 31, 2020
@msftgits msftgits added this to the 2.0.0 milestone Jan 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.