/// <summary>
/// Builds the handler on top of an <c>NSUrlSession</c> created from the default session
/// configuration, with a TLS 1.2 minimum and the pins and client certificate taken from
/// <paramref name="customSSLVerification"/>.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the handler unchanged; not otherwise used here.</param>
/// <param name="customSSLVerification">Source of the certificate pins and the client certificate.
/// It is dereferenced without a null check, so it must not be null.</param>
/// <param name="cookieHandler">Not read by this constructor; the default session configuration
/// already uses the shared cookie storage.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var sessionConfig = NSUrlSessionConfiguration.DefaultSessionConfiguration;

    // System.Net.ServicePointManager.SecurityProtocol selects a set of allowed protocol versions.
    // iOS only exposes a minimum and a maximum, so the setting cannot be ported directly.
    // The minimum is fixed at TLS 1.2 here; no maximum is set.
    sessionConfig.TLSMinimumSupportedProtocol = SslProtocol.Tls_1_2;

    // Register every configured host with its pinned public keys.
    // NOTE(review): the pins are only registered in this constructor. Presumably DataTaskDelegate
    // checks them during the server-trust challenge. Confirm, and confirm how a host with no
    // registered pins is treated.
    this.CertificatePinner = new CertificatePinner();
    foreach (var hostPin in customSSLVerification.Pins)
    {
        this.CertificatePinner.AddPins(hostPin.Hostname, hostPin.PublicKeys);
    }

    SetClientCertificate(customSSLVerification.ClientCertificate);

    // The cast selects the INSUrlSessionDelegate overload; the delegate queue is left null.
    session = NSUrlSession.FromConfiguration(sessionConfig, (INSUrlSessionDelegate)new DataTaskDelegate(this), null);

    // NSUrlSessionConfiguration.DefaultSessionConfiguration uses the default NSHttpCookieStorage.SharedStorage
}
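/// <summary>
/// Configures the handler for TLS 1.2 only and installs a server certificate callback that
/// accepts a connection only when the host has pins, the presented certificate matches them,
/// and the platform reported no policy errors.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the handler unchanged; not otherwise used here.</param>
/// <param name="customSSLVerification">Source of the certificate pins and the client certificate.
/// It is dereferenced without a null check, so it must not be null.</param>
/// <param name="cookieHandler">When not null, becomes the handler's cookie container.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    // Enforce TLS1.2
    SslProtocols = SslProtocols.Tls12;

    // The callback reads this.CertificatePinner only when a handshake runs, so assigning the
    // pinner further down is safe.
    this.ServerCertificateCustomValidationCallback = (sender, cert, chain, errors) =>
    {
        // No certificate presented: reject explicitly instead of failing on cert.RawData below.
        if (cert == null)
        {
            return false;
        }

        var hostname = sender.RequestUri.Host;

        // Fail closed: a host with no pins, or a certificate that does not match them, is rejected.
        if (!this.CertificatePinner.HasPins(hostname) || !this.CertificatePinner.Check(hostname, cert.RawData))
        {
            return false;
        }

        // A pin match does not override platform validation; any reported policy error still rejects.
        return errors == SslPolicyErrors.None;
    };

    this.CertificatePinner = new CertificatePinner();

    // Add Certificate Pins
    foreach (var pin in customSSLVerification.Pins)
    {
        this.CertificatePinner.AddPins(pin.Hostname, pin.PublicKeys);
    }

    // Set client credentials
    SetClientCertificate(customSSLVerification.ClientCertificate);

    if (cookieHandler != null)
    {
        this.CookieContainer = cookieHandler;
    }
}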
/// <summary>
/// Rebuilds the OkHttp client with a TLS 1.2-only connection spec, HTTP/1.1 only, a custom
/// hostname verifier, the configured certificate pins, the client certificate and, when
/// supplied, a cookie jar.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the handler unchanged; not otherwise used here.</param>
/// <param name="customSSLVerification">Source of the certificate pins and the client certificate.
/// It is dereferenced without a null check, so it must not be null.</param>
/// <param name="cookieHandler">When not null, installed as the client's cookie jar.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var builder = client.NewBuilder();

    // Start from the ModernTls spec and restrict it to TLS 1.2.
    var tls12Spec = new ConnectionSpec.Builder(ConnectionSpec.ModernTls)
        .TlsVersions(TlsVersion.Tls12)
        .Build();
    builder.ConnectionSpecs(new List<ConnectionSpec> { tls12Spec });

    builder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR

    // NOTE(review): this replaces the client's hostname verifier with a project type that is not
    // shown here. Confirm it still checks the requested host against the certificate, and what it
    // does for hosts without pins. OkHttp applies pins only to hosts that have an entry.
    builder.HostnameVerifier(new HostnameVerifier(customSSLVerification.Pins));

    this.CertificatePinnerBuilder = new CertificatePinner.Builder();

    // Add Certificate Pins
    foreach (var hostPin in customSSLVerification.Pins)
    {
        this.CertificatePinnerBuilder.Add(hostPin.Hostname, hostPin.PublicKeys);
    }

    builder.CertificatePinner(CertificatePinnerBuilder.Build());

    // Set client credentials
    SetClientCertificate(customSSLVerification.ClientCertificate);

    // Set SslSocketFactory. Both branches pass KeyManagers and use the system default trust manager.
    if (Build.VERSION.SdkInt >= BuildVersionCodes.Lollipop)
    {
        // Null trust managers and null SecureRandom are passed to Init; the trust manager used by
        // OkHttp is the one given explicitly on the next line.
        var sslContext = SSLContext.GetInstance("TLS");
        sslContext.Init(KeyManagers, null, null);
        builder.SslSocketFactory(sslContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }
    else
    {
        // Support TLS1.2 on Android versions before Lollipop
        builder.SslSocketFactory(new TlsSslSocketFactory(KeyManagers, null), TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }

    if (cookieHandler != null)
    {
        builder.CookieJar(cookieHandler);
    }

    client = builder.Build();
}
/// <summary>
/// Initializes a new instance of the <see cref="ModernHttpClient.NativeMessageHandler"/> class.
/// This overload has an empty body: none of the arguments is stored or applied here.
/// </summary>
/// <param name="throwOnCaptiveNetwork">When <c>true</c>, the handler is meant to throw on a
/// captive network (usually a wifi network that shows an authentication HTML form instead of
/// the real content).</param>
/// <param name="customSSLVerification">Custom SSL certificate verification settings. Not read
/// by this overload.</param>
/// <param name="cookieHandler">Native cookie handler. Optional; not read by this overload.</param>
// NOTE(review): with an empty body, no TLS version floor, certificate pin or client certificate
// is configured on this code path. Presumably a platform-specific build of this type is the one
// used at run time. Confirm, because a caller that ends up on this implementation gets none of
// those checks and no error.
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
}