https://bugzilla.novell.com/show_bug.cgi?id=634817
https://bugzilla.novell.com/show_bug.cgi?id=634817#c2

--- Comment #2 from Jonathan Pryor <[email protected]> 2010-09-15 19:27:41 UTC ---

After some cursory investigation, this looks slightly more complicated than I hoped. Brain dump follows.

As best as I can currently determine, Android doesn't use any native C library to store certificates/etc., so P/Invoking something is of no consequence. There are, however, Java libraries. Thus, a solution may look like:

- Add a callback to the ServicePointManager.ServerCertificateValidationCallback property. This is invoked as part of validating HTTPS certificates.

- This callback would need to obtain the X509 TrustManager, convert the .NET X509Chain+X509Certificate into Java equivalents, and use IX509MTrustManager.CheckServerTrusted().

- Unfortunately, how do we convert the managed types into equivalent Java types? My best guess is to use Java.Security.Cert.CertificateFactory.GenerateCertificate(InputStream) from X509Certificate.Export() (which returns a byte[]), which means we need a Stream -> InputStream adapter (byte[]->MemoryStream->InputStream).

Plus, I'm probably missing something (e.g. how do I convert an X509Chain into an X509Certificate[]?).

An alternate approach is to hope/pray that /system/etc/security/cacerts.bks (1) contains all the system-supplied certificates, and (2) won't change format or location in the future. We could then add support for the BouncyCastle BKS container format to our tooling, and just rely on that file.

http://www.bouncycastle.org/specifications.html

Either solution looks like lots of work. :-/
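
The first approach in the comment above, written out as an added example (not code from the bug report or the Mono project), assuming the Xamarin.Android bindings for `Javax.Net.Ssl` and `Java.Security.Cert` and a chain already populated by the runtime. `AndroidTrustBridge`, `Install` and `Validate` are hypothetical names, and the `"RSA"` auth type string is an assumed value.

```csharp
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Android.Runtime;
using Java.Security;
using Java.Security.Cert;
using Javax.Net.Ssl;
using JavaCert = Java.Security.Cert.X509Certificate;
using NetCert = System.Security.Cryptography.X509Certificates.X509Certificate;

// Hypothetical helper: delegates HTTPS chain validation to Android's trust store.
static class AndroidTrustBridge
{
    public static void Install ()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate (object sender, NetCert cert, X509Chain chain, SslPolicyErrors errors)
    {
        // Only chain-trust failures are re-checked against Android; a name
        // mismatch or a missing certificate is always rejected.
        if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;
        if (chain == null || chain.ChainElements.Count == 0)
            return false;
        try {
            var factory = CertificateFactory.GetInstance ("X.509");
            // X509Chain -> Java X509Certificate[]: re-parse each element's DER
            // bytes; the binding adapts the MemoryStream to a Java InputStream.
            JavaCert[] javaChain = chain.ChainElements.Cast<X509ChainElement> ()
                .Select (e => factory.GenerateCertificate (
                    new MemoryStream (e.Certificate.RawData)).JavaCast<JavaCert> ())
                .ToArray ();
            var tmf = TrustManagerFactory.GetInstance (TrustManagerFactory.DefaultAlgorithm);
            tmf.Init ((KeyStore) null);   // null selects the system default trust store
            var tm = tmf.GetTrustManagers ().First ().JavaCast<IX509TrustManager> ();
            tm.CheckServerTrusted (javaChain, "RSA");   // throws if the chain is untrusted
            return true;
        } catch (Java.Lang.Exception) {
            return false;   // fail closed on any Java-side validation or parsing error
        }
    }
}
```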
