我尝试在Xamarin中实现RestSharp(http://restsharp.org/)客户端。但是一旦我尝试连接到服务器,我就会得到例外:System.IO.IOException: The authentication or decryption has failed
当我使用命令certmgr -ssl https://myservice.com/api --machine检查时,我收到同样的错误。
所以我的结论是:Mono没有存储受信任的根证书。
但是当我尝试导入它们时:mozroots --import --machine --sync
它不起作用,因为Mac OS X Sierra不允许访问目录"/usr/share/.mono"。该脚本抛出错误:Error: System.UnauthorizedAccessException: Access to the path "/usr/share/.mono" is denied.因为我无法存储单声道的根。
然后我尝试添加证书验证回调,如:
public static class Security {
public static System.Security.Cryptography.AesCryptoServiceProvider aesCryptoServiceProvider = new System.Security.Cryptography.AesCryptoServiceProvider();
public static void RegisterValidationCallBack() {
ServicePointManager.ServerCertificateValidationCallback += CertificateValidationCallBack;
Console.WriteLine("### registered validation callback");
}
private static bool CertificateValidationCallBack(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) {
Console.WriteLine("### validating: " + certificate);
// If the certificate is a valid, signed certificate, return true.
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None) {
Console.WriteLine("### no ssl policy errors");
return true;
}
// If there are errors in the certificate chain, look at each error to determine the cause.
if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0) {
if (chain != null && chain.ChainStatus != null) {
foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus) {
if ((certificate.Subject == certificate.Issuer) &&
(status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot)) {
// Self-signed certificates with an untrusted root are valid.
Console.WriteLine("### self signed cert");
continue;
} else {
if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError) {
// If there are any other errors in the certificate chain, the certificate is invalid,
// so the method returns false.
Console.WriteLine("### error in certificate chain");
return false;
}
}
}
}
// When processing reaches this line, the only errors in the certificate chain are
// untrusted root errors for self-signed certificates. These certificates are valid
// for default Exchange server installations, so return true.
return true;
} else {
// In all other cases, return false.
return false;
}
}
}
并在此处安装了回调:
public partial class App : Application {
public App() {
Security.RegisterValidationCallBack();
InitializeComponent();
MainPage = new TabbedMainPage();
}
protected override void OnStart() {
// Handle when your app starts
}
protected override void OnSleep() {
// Handle when your app sleeps
}
protected override void OnResume() {
// Handle when your app resumes
}
}
但似乎回调甚至没有出于某种原因使用...输出没有出现在输出窗口中。
我错过了什么?