Not able to download file from Dropbox because failing to connect with SSL/TLS channel through WebClient in C#

Question

Trying to download an executable file from Dropbox's private folder to PC in a Windows Service using WebClient.DownloadFile(). But it is throwing error The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

What weired is, error occurring only in Windows XP (SP2) and not in Windows 7, 8 & 8.1. (Not tested in XP SP3 and Vista yet.)

Tried with:

WebClient.UseDefaultCredentials is true.
WebClient.Credentials = CredentialCache.DefaultNetworkCredentials or CredentialCache.DefaultCredentials.
http:// in URL instead of https://.

Is it possibly due to the SSL connection requiring a later version of SSL / TLS than XP supports? The server specifies what valid types of security are allowed on the connection. — lukevp, Feb 16 '15 at 19:18
For reference, as a matter of security, Dropbox did stop supporting SSLv3 some time ago. You should make sure you're using >=TLSv1.0. — Greg, Feb 17 '15 at 16:13

score 1 · Answer 1 · edited May 23 '17 at 11:50

Well, I solved it myself. Answer from this StackOverflow question, which has more votes, helped me to solve it.

My sample as follows:

public static void DownloadFileFromDropbox(string dropboxUrl, string file_name)
    WebClient webclient = null;
    try
    {
        webclient = new WebClient();

        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidRemoteCertificate);

        if (File.Exists(UpdatesDirStr + file_name))
        {
            File.Delete(UpdatesDirStr + file_name);
        }
        webclient.DownloadFile(dropboxUrl, UpdatesDirStr + file_name);
    }
    catch (Exception ex)
    {
        throw ex;
    }
    finally
    {
        if (webclient != null)
        {
            webclient.Dispose();
            webclient = null;
        }
    }
}

private static bool ValidRemoteCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (certificate.Subject.Contains("dropboxusercontent.com"))
    {
        return true;
    }
    else if (certificate.Subject.Contains("dropbox.com"))
    {
        return true;
    }
    return false;
}

I still wonder how does it work properly? Because new RemoteCertificateValidationCallback(ValidRemoteCertificate) is not taking dropboxUrl from anywhere. So how X509Certificate certificate param in ValidRemoteCertificate method got the correct certificate from Dropbox.com?

Thanks for taking the time to post your solution, it helped me out. — Joseph Woodward, Feb 08 '16 at 16:28

Not able to download file from Dropbox because failing to connect with SSL/TLS channel through WebClient in C#

1 Answers1