Xamarin支持SNI与Apple TLS(不是Mono TLS)?

时间:2016-08-26 14:07:58

标签: c# ios xamarin xamarin.ios tls1.2

通过Xamarin.iOS应用程序调用内部api服务器时出现问题。

我们的反向代理服务器始终返回403 HTTP错误。服务器的日志表明:“没有通过SNI为基于名称的虚拟主机提供主机名”。

使用Mono TLS:没问题。但是使用Apple TLS它不起作用。我们已经测试了所有HTTP客户端实现:托管代码,NSUrlSession和CFNetwork,结果相同。

我知道Apple TLS支持SNI。我们的网络服务器在iPhone上使用Safari时提供的内容没有问题。

但是,使用Xamarin并特别使用Apple TLS,这是不可能的。

你有什么想法吗?

PS:我们通过证书验证

ServicePointManager.ServerCertificateValidationCallback 
   += (sender, certificate, chain, sslPolicyErrors) => {return true;};

1 个答案:

答案 0 :(得分:2)

使用NSUrlSession(适用于SNI):

webView = new WKWebView(new CGRect(40, 100, 400, 400), new WKWebViewConfiguration());
Add(webView);
button = new UIButton(UIButtonType.System);
button.Frame = new CGRect(40, 40, 100, 40);
button.SetTitle("Fetch", UIControlState.Normal);
Add(button);
button.TouchUpInside += async (object sender, EventArgs e) =>
{
    var url = new NSUrl("https://sni.velox.ch");
    var task = await NSUrlSession.SharedSession.CreateDataTaskAsync(url);
    webView.LoadHtmlString(NSString.FromData(task.Data, NSStringEncoding.UTF8), new NSUrl(""));
};

或使用bob.sni.velox.chalice.sni.velox.ch

TLS SNI Test Site: *.sni.velox.ch
Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066) 
in its ClientHello (negotiated protocol: TLSv1.2, cipher suite: 
ECDHE-RSA-AES256-GCM-SHA384):

  sni.velox.ch

In your request, this header was included:
  Host: sni.velox.ch

使用HttpClient:

button.TouchUpInside += async (object sender, EventArgs e) =>
{
    ServicePointManager.ServerCertificateValidationCallback += (servicesender, certificate, chain, sslPolicyErrors) => { return true; };
    var client = new HttpClient();
    var response = await client.GetAsync("https://sni.velox.ch");
    webView.LoadHtmlString(new NSString(await response.Content.ReadAsStringAsync()), new NSUrl(""));
};

使用设置为Mono TLS的SSL / TLS实现(适用于SNI):

TLS SNI Test Site: *.sni.velox.ch

Great! Your client [TLSv12wSNI/1.0 CFNetwork/808.0.1 Darwin/15.6.0]
sent the following TLS server name indication extension (RFC 6066) in
its ClientHello (negotiated protocol: TLSv1.2, cipher suite: 
ECDHE-RSA-AES256-GCM-SHA384):

  sni.velox.ch

In your request, this header was included:

  Host: sni.velox.ch

将SSL / TLS实施设置为Apple TLS (default) :( BUG

错误:your client did not send a TLS server name indication extension

TLS SNI Test Site: alice.sni.velox.ch

Unfortunately, your client did not send a TLS server name indication
extension (RFC 4366) in its ClientHello (negotiated protocol: TLSv1.2,
cipher suite: ECDHE-RSA-AES256-GCM-SHA384), so you're probably 
getting warnings about certificate name mismatches.
In your request, this header was included:

  Host: sni.velox.ch

注意:

我们个人避免在iOS上使用HttpClient并始终使用iOS" native"网络课程/ API:NSUrlSessionNSURLConnection,....

Bug Filed:https://bugzilla.xamarin.com/show_bug.cgi?id=43794