
TLS connection: override certificate validation

Despite attempting against all security measures I want my client to accept self-signed X.509 certificates like the one in our server. I am using the WP8 SDK plus a C# binding of Bouncy Castle for Windows Phone called bouncywp7.1, so most of its classes/methods are available.

The way this was done in Android was by creating my own Certificate Trust Manager and making it return true for all certificates.

    public static void allowAllSSL()
    {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(final String hostname, final SSLSession session) {
                return true;
            }
        });
        SSLContext context = null;
        try {
            context = SSLContext.getInstance("TLS");
            context.init(null, sTrustManagers, new SecureRandom());
        } catch (final NoSuchAlgorithmException catchException) {
            LoggerFactory.consoleLogger().printStackTrace(catchException);
        } catch (final KeyManagementException catchException) {
            LoggerFactory.consoleLogger().printStackTrace(catchException);
        }
        mFakeFactory = context.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(mFakeFactory);
    }

What is the least painful way of doing the same on Windows Phone 8?

AFAIK you can't trick SSL on WP8. You're either using SSL or you're not. You can't override certificate validation (or at least I've never heard about it).

If you're using SSL and you want a custom certificate to be used then the user should be the one installing it, e.g. by emailing the user the cer file, by having the user join your organization via the settings screen or even from your app by using Launcher.LaunchFileAsync() for a CER file.

For example, if you include FiddlerRoot.cer in your project (with Build Action = Content) you can ask the user to install it with the following code snippet:

    private async void MainPage_Loaded(object sender, RoutedEventArgs e)
    {
        // Open the bundled certificate so the OS prompts the user to install it.
        await Launcher.LaunchFileAsync(await Package.Current.InstalledLocation.GetFileAsync("FiddlerRoot.cer"));
    }

Running this code snippet shows the following dialogue to the user:

[Image: certificate installation confirmation dialog]
