How to resolve Javax.Net.Ssl.SSLHandshakeException in xamarin forms

Question

I am working on application in Xamarin forms for Android and iOS. App is getting data from Rest Api and It was working fine till yesterday but today some SSL issues was fixed from the server admin. Now Rest Api is working fine from Chrome browser and we are getting data. Even it is working on Visual Studio for Mac and working fine on simulator.

But on Android it is not working. I have checked the domain with https://www.digicert.com/help/ and it gives the OK result as "Congratulations! This certificate is correctly installed.".

I am using the below code:

var response = client.GetAsync(urlCategories).Result;
string content = "";
if (response.IsSuccessStatusCode)
{
    var responseContent = response.Content; 
    content = responseContent.ReadAsStringAsync().Result;
}

Below is the complete stack trace of the error:

{Javax.Net.Ssl.SSLHandshakeException: 
Chain validation failed ---> Java.Security.Cert.CertificateException: 
Chain validation failed ---> Java.Security.Cert.CertPathValidatorException: 
OCSP response does not include a response for a certificate supplied in the OCSP request ---> Java.Security.Cert.CertPathValidatorException: 
OCSP response does not include a response for a certificate supplied in the OCSP request
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
  at Java.Interop.JniEnvironment+InstanceMethods.CallVoidMethod (Java.Interop.JniObjectReference instance, Java.Interop.JniMethodInfo method, Java.Interop.JniArgumentValue* args) [0x00069] in <42dc777b518744fdae9988e94489a4a0>:0 
  at Java.Interop.JniPeerMembers+JniInstanceMethods.InvokeAbstractVoidMethod (System.String encodedMember, Java.Interop.IJavaPeerable self, Java.Interop.JniArgumentValue* parameters) [0x00014] in <42dc777b518744fdae9988e94489a4a0>:0 
  at Javax.Net.Ssl.HttpsURLConnectionInvoker.Connect () [0x0000a] in <1219ce5aae934ab095dc0e05b2110050>:0 
  at Xamarin.Android.Net.AndroidClientHandler+<>c__DisplayClass43_0.<ConnectAsync>b__0 () [0x0005a] in <1219ce5aae934ab095dc0e05b2110050>:0 
  at System.Threading.Tasks.Task.InnerInvoke () [0x0000f] in <d4a23bbd2f544c30a48c44dd622ce09f>:0 
  at System.Threading.Tasks.Task.Execute () [0x00000] in <d4a23bbd2f544c30a48c44dd622ce09f>:0 
--- End of stack trace from previous location where exception was thrown ---
  at Xamarin.Android.Net.AndroidClientHandler+<DoProcessRequest>d__45.MoveNext () [0x0012e] in <1219ce5aae934ab095dc0e05b2110050>:0 
--- End of stack trace from previous location where exception was thrown ---
  at Xamarin.Android.Net.AndroidClientHandler+<SendAsync>d__40.MoveNext () [0x00230] in <1219ce5aae934ab095dc0e05b2110050>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Net.Http.HttpClient+<SendAsyncWorker>d__49.MoveNext () [0x000ca] in <25ebe1083eaf4329b5adfdd5bbb7aa57>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Net.Http.HttpClient+<GetStringAsync>d__54.MoveNext () [0x0007d] in <25ebe1083eaf4329b5adfdd5bbb7aa57>:0 
--- End of stack trace from previous location where exception was thrown ---
  at Guldasta.Gen+<GetMenuItems>d__86.MoveNext () [0x00045] in E:\05_Xamarin_Projects\GuldastaApp\Guldasta\Guldasta\Guldasta\General\Gen.cs:62 
  --- End of managed Javax.Net.Ssl.SSLHandshakeException stack trace ---
javax.net.ssl.SSLHandshakeException: Chain validation failed
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
    at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:1477)
    at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:1423)
    at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:1367)
    at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:219)
    at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:142)
    at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:104)
    at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:392)
    at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:325)
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:489)
    at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:131)
    at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
    at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(Unknown Source:0)
Caused by: java.security.cert.CertificateException: Chain validation failed
    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:788)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:612)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:633)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:678)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:499)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:422)
    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:343)
    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:203)
    at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:607)
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
    ... 12 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:225)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:143)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    at com.android.org.conscrypt.DelegatingCertPathValidator.engineValidate(DelegatingCertPathValidator.java:44)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:784)
    ... 24 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response does not include a response for a certificate supplied in the OCSP request
    at sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:416)
    at sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:709)
    at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:363)
    at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:337)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
    ... 30 more
    Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
        at sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1092)
        at sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:910)
        at sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:577)
        at sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:465)
        at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:394)
        ... 32 more

Do anyone have the idea how can solve this issue?

Answer 1

This works for Android:

    //Code for disabling SSL certificate

    internal class BypassHostnameVerifier : Java.Lang.Object, IHostnameVerifier
    {

        public bool Verify(string hostname, ISSLSession session)
        {
            return true;
        }
    }


    internal class BypassSslValidationClientHandler : Xamarin.Android.Net.AndroidClientHandler
    {

        protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
        {
            return Android.Net.SSLCertificateSocketFactory.GetInsecure(1000, null);
        }


        protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
        {
            return new BypassHostnameVerifier();
        }
    }

var handler = new BypassSslValidationClientHandler(); using (HttpClient client = new HttpClient(handler)) using this handler in HTTP request

Note: this is the temporary workaround you should fix this issue on the server side. (API side)