Forum Xamarin.Forms

Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED in Android. Works in iOS

Hi,

Please go through the below exception and suggest the resolution of this error.

  • Happens only when calling any API and only in Android. Works in iOS without any exceptions.
  • Using XF v4.0.30319
    Approaches tried:
    As mentioned in some forums, tried to change the HTTPClient of Android project to Android but didn't worked out.

Attached the complete exception

08-20 09:46:34.678 E/mono (13095): Unhandled Exception:
08-20 09:46:34.678 E/mono (13095): System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: TrustFailure (A call to SSPI failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
08-20 09:46:34.678 E/mono (13095): at /Users/builder/jenkins/workspace/xamarin-android-d15-8/xamarin-android/external/mono/external/boringssl/ssl/handshake_client.c:1132
08-20 09:46:34.678 E/mono (13095): at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in :0
08-20 09:46:34.678 E/mono (13095): at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in :0
08-20 09:46:34.678 E/mono (13095): at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
08-20 09:46:34.678 E/mono (13095): at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in :0
08-20 09:46:34.678 E/mono (13095): at Mono.Net.Security.AsyncProtocolRequest+d__24.MoveNext () [0x000ff] in :0
08-20 09:46:34.678 E/mono (13095): --- End of stack trace from previous location where exception was thrown ---
08-20 09:46:34.678 E/mono (13095): at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
08-20 09:46:34.678 E/mono (13095): at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
08-20 09:46:34.678 E/mono (13095): at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
08-20 09:46:34.678 E/mono (13095): at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0
08-20 09:46:34.678 E/mono (13095): at Mono.Net.Security.AsyncProtocolRequest+d__23.MoveNext () [0x0008b] in :0
08-20 09:46:34.678 E/mono (13095): --- End of inner exception stack trace ---

Posts

  • I have the exact same problem with a native Xamarin.Android client, iOS works fine as well. I believe the issue started to occur after upgrading to Visual Studio for Mac 7.6.

    System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: TrustFailure (A call to SSPI failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
    at /Users/builder/jenkins/workspace/xamarin-android-d15-8/xamarin-android/external/mono/external/boringssl/ssl/handshake_client.c:1132
    at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in :0
    at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in :0
    at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
    at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in :0
    at Mono.Net.Security.AsyncProtocolRequest+d__24.MoveNext () [0x000ff] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0
    at Mono.Net.Security.AsyncProtocolRequest+d__23.MoveNext () [0x0008b] in :0
    --- End of inner exception stack trace ---
    at Mono.Net.Security.MobileAuthenticatedStream+d__47.MoveNext () [0x00254] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0
    at Mono.Net.Security.MonoTlsStream+d__17.MoveNext () [0x00126] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0

  • I have the exact same problem with a native Xamarin.Android client, iOS works fine as well. I believe the issue started to occur after upgrading to Visual Studio for Mac 7.6.

    System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: TrustFailure (A call to SSPI failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
    at /Users/builder/jenkins/workspace/xamarin-android-d15-8/xamarin-android/external/mono/external/boringssl/ssl/handshake_client.c:1132
    at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in :0
    at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in :0
    at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
    at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in :0
    at Mono.Net.Security.AsyncProtocolRequest+d__24.MoveNext () [0x000ff] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0
    at Mono.Net.Security.AsyncProtocolRequest+d__23.MoveNext () [0x0008b] in :0
    --- End of inner exception stack trace ---
    at Mono.Net.Security.MobileAuthenticatedStream+d__47.MoveNext () [0x00254] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0
    at Mono.Net.Security.MonoTlsStream+d__17.MoveNext () [0x00126] in :0
    --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <43dbbdc147f2482093d8409abb04c233>:0
    at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[TResult].GetResult () [0x00000] in <43dbbdc147f2482093d8409abb04c233>:0

  • PaulManciniPaulMancini USMember ✭✭

    I'm having the same problem. Wondering if anyone came up with a solution

  • LarsPerssonLarsPersson SEMember ✭✭

    I have the same error in older android phones. It works for my in newer Android 8 and Android 7. I but not in Android 4.1 or in Android 5.
    I am trying with different combinations of HttpClient Implementation and SSL/TLS implementation settings and in combination with ModernHttpClient that was a solution in an old forum thread i found.
    But i have no success so far...

  • MizuhoYasoshimaMizuhoYasoshima JPMember ✭✭

    I have the same error.
    - Android 4.4 OK
    - Android 5.0 NG
    - Android 5.1.1 OK
    - Android 6 or later OK

    I found that SslPolicyErrors.RemoteCertificateChainErrors is passed via RemoteCertificateValidationCallback for my case.
    # The error means that ChainStatus[] (passed via RemoteCertificateValidationCallback) has detailed error information,
    # but I couldn't access ChainStatus[] because of NotImplementedException..

    So following code works for me.

    ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicy) =>
    {
        if (sslPolicy == SslPolicyErrors.None)
            return true;
    
        if (sslPolicy == SslPolicyErrors.RemoteCertificateChainErrors &&
           ((HttpWebRequest)sender).RequestUri.AbsoluteUri.Equals("a trusted URL"))
            return true;
    
        return false;
    }
    

    I know this is bad solution. But I couldn't find out any other solution...

  • MizuhoYasoshimaMizuhoYasoshima JPMember ✭✭

    **Please ignore my previous post. **
    My Android device's date was too old ("March / ?? / 2017").
    The certificate in the web server is available after May / ?? / 2018.
    So certificate error (not available) was occurred.

    I fixed my device's date and the confirmed that the issue was fixed.
    I'm so sorry for bothering you.

  • RenstarRenstar Member

    We're having a similar issue. We updated our SSL to see if that would fix the issue and nothing. I have the typical workaround as suggested above to use the ServerCertificateValidationCallback. I'm not sure why this is the case though as it was working just fine before. We've also tested the end point using a natively built iOS app using Swift and that worked with our backend server.

    Sadly, the amount of resources to build something in Xamarin is 100000x smaller than the native communities so its making a problem like this hard to properly solve instead of using some work around randomly.

  • KingamattackKingamattack Member ✭✭

    I tried @fredyadriano90 solution but I still have the same issue, anyone has another workaround?

  • ScottNimrodScottNimrod USMember ✭✭

    Any updates on this?
    I've been stuck for several days now.

  • PrasanthKumarPrasanthKumar INMember ✭✭

    Request someone to help in this exception context. No solution yet. One thing we found is, the approach of bypassing the Server Certificate validation works in VS 2017 but not in VS 2019. We have tried multiple approaches to see and debug the ServerCertificateValidationCallback in VS 2019 but unable to do it.

    The HTTPS API calls are not being invoked in VS 2019 but the same code works in VS 2017. No clue what is happening.

  • MarketAllyMarketAlly USMember ✭✭

    After having this happen, I discovered the issue stems from the server. In my case, my cert passed the checks - even some Android devices worked but the issue was a server issue despite getting passing marks for certificate installation.

    The server configuration, you must support "forward secrecy" Otherwise you will get the error above on some Android devices while others work.

    Hope this helps someone.

  • IrgiIrgi USMember ✭✭

    I am having the same issue with my Xamarin Android app (VS 2019) trying to connect to a webservice hosted on IIS using a self signed certificate.
    The fix
    ServicePointManager.ServerCertificateValidationCallback += (o, cert, chain, errors) => true;
    was in my code for three years workin fine, but now it seems to have quit working.
    To me it seems like it quit working with the beginning of 2020, but I am not 100% surce if that's the case for all of the devices.

  • @Irgi said:
    I am having the same issue with my Xamarin Android app (VS 2019) trying to connect to a webservice hosted on IIS using a self signed certificate.
    The fix
    ServicePointManager.ServerCertificateValidationCallback += (o, cert, chain, errors) => true;
    was in my code for three years workin fine, but now it seems to have quit working.
    To me it seems like it quit working with the beginning of 2020, but I am not 100% surce if that's the case for all of the devices.

    There is a new update, you may use the following :

    var httpClientHandler = new HttpClientHandler();
    httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };
    using (var client = new HttpClient(httpClientHandler))
    {
    var response = await client.PostAsync(url, content);
    }

  • I got the same issue connecting from an Android Xamarin App to an Azure App Service with ARR affinity turned off. Setting ARR affinity to On solved the problem, but I would like to find a solution with ARR affinity off.

Sign In or Register to comment.