[Mono.Android] use X509TrustManagerExtensions for `network_security…

…_config.xml` (#9302) Related to dotnet/runtime#107695 When `<domain-config ...>` is used in `network_security_config.xml` then all calls to `_internalTrustManager.CheckServerTrusted (javaChain, authType);` will throw an exception and we will always pass `SslPolicyErrors.RemoteCertificateChainErrors` to the custom server certificate validation callback. To fix this, it is necessary to use hostname-specific certificate check via `X509TrustManagerExtensions`.
dotnet · Sep 13, 2024 · 9321139 · 9321139
1 parent 7762fa0
commit 9321139
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/Mono.Android/Xamarin.Android.Net/ServerCertificateCustomValidator.cs b/src/Mono.Android/Xamarin.Android.Net/ServerCertificateCustomValidator.cs
@@ -6,6 +6,7 @@
 using System.Security.Cryptography.X509Certificates;
 
 using Android.OS;
+using Android.Net.Http;
 using Android.Runtime;
 using Javax.Net.Ssl;
 
@@ -53,7 +54,8 @@ public void CheckServerTrusted (JavaX509Certificate[] javaChain, string authType
 				var sslPolicyErrors = SslPolicyErrors.None;
 
 				try {
-					_internalTrustManager.CheckServerTrusted (javaChain, authType);
+					var trustManagerExtensions = new X509TrustManagerExtensions (_internalTrustManager);
+					trustManagerExtensions.CheckServerTrusted (javaChain, authType, _request.RequestUri.Host);
 				} catch (JavaCertificateException) {
 					sslPolicyErrors |= SslPolicyErrors.RemoteCertificateChainErrors;
 				}