ServerCertificateCustomValidationCallback throws PlatformNotSupportedException in CentOS.7-x64

[deepumi]

As @bartonjs suggested, I am creating a new issue for CentOS. #17723

When using ServerCertificateCustomValidationCallback in .Net Core 1.0.1 CentOS 7 64 bit Azure VM, I am getting the following error

System.PlatformNotSupportedException: The libcurl library in use (7.29.0) and its 
SSL backend ("NSS/3.19.1 Basic ECC") do not support custom handling of certificates. 
A libcurl built with OpenSSL is required.
 
 at System.Net.Http.CurlHandler.SslProvider.SetSslOptions(EasyRequest easy, ClientCertificateOption clientCertOption)
   at System.Net.Http.CurlHandler.EasyRequest.InitializeCurl()
   at System.Net.Http.CurlHandler.MultiAgent.ActivateNewRequest(EasyRequest easy)


End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()

--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at hwapp.Program.<MakeWebRequest>d__1.MoveNext()

Sample code

static void Main(string[] args)
{
   MakeWebRequest().GetAwaiter().GetResult();
   Console.WriteLine("Press any key to exit!");
   Console.ReadKey();
}

private static async Task MakeWebRequest()
{
   var handler = new HttpClientHandler()
   {
     AllowAutoRedirect = false,
     AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip 
   };
  
   handler.ServerCertificateCustomValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

  try
  {
     using (var client = new HttpClient(handler))
     {
        var result = await client.GetAsync("https://www.google.com");
	Console.WriteLine(result.StatusCode.ToString());
     }
  }
  catch (Exception exception)
  {
    Console.WriteLine(exception.ToString());
  }
}

[stephentoub]

The exception message describes the cause and the limitation and suggests the workaround:

The libcurl library in use (7.29.0) and its 
SSL backend ("NSS/3.19.1 Basic ECC") do not support custom handling of certificates. 
A libcurl built with OpenSSL is required.

Custom handling of certificates, e.g. ServerCertificateCustomValidationCallback, requires interaction with System.Security.Cryptography.X509Certificates, which is based on OpenSSL. Thus if libcurl is using a different SSL backend (in your case, NSS), this functionality won't work, because the certificate data won't be understood by the X509Certificates library. The workaround is to switch which libcurl you're using to one that uses OpenSSL.

[karelz]

Closing as by design - see answer above.

[deepumi]

@stephentoub Do you have any documentation to deal the switch part.

The workaround is to switch which libcurl you're using to one that uses OpenSSL.

[deepumi]

Similar issue with PowerShell dotnet/corefx#2511.

[karelz]

@Priya91 do you know if we have docs on that? If not, we should create issue to track adding it.

[deepumi]

@Priya91 @stephentoub @karelz Thank you all.

The issue has been resolved.