Client handler not recognizing my trusted API certificate

Question

I have a problem using HttpClientHandler, when I use a new instantiated API calls are considered unreliable, when using native this does not happen, does anyone know what may be happening? Or what must be done to make my handler behave properly?

Below are the code snippets where I instantiate and use it.

private static HttpClient ConfigureClient(string endpoint)
{
    return new HttpClient(_authenticatedHttpClientHandler)
    {
        BaseAddress = new Uri($"{Endpoints.FULL_URL}/{endpoint}"),
        Timeout = new TimeSpan(0, 0, ServiceConfiguration.TIMEOUT)
    };
}

public static void RegisterContainer(IContainerRegistry container)
{
     _authenticatedHttpClientHandler = new AuthenticatedHttpClientHandler();

    container.RegisterInstance(_authenticatedHttpClientHandler);
}

The certificate was created using the Let's Encrypt (wildcard) tutorial.

Stacktrace:

{System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Security.Interface.TlsException: CertificateUnknown at Mono.AppleTls.AppleTlsContext.EvaluateTrust () [0x000bf] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:306 at Mono.AppleTls.AppleTlsContext.ProcessHandshake () [0x00075] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.AppleTls/AppleTlsContext.cs:213 at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:840 at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00000] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:289 at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/AsyncProtocolRequest.cs:223 --- End of inner exception stack trace --- at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x0025c] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs:406 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x00176] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/Mono.Net.Security/MonoTlsStream.cs:137 at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x00170] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:222 --- End of inner exception stack trace --- at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x00208] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:234 at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x000f7] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebConnection.cs:263 at System.Net.WebOperation.Run () [0x00052] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebOperation.cs:268 at System.Net.WebCompletionSource1[T].WaitForCompletion () [0x0008e] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/WebCompletionSource.cs:111 at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000e8] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System/System.Net/HttpWebRequest.cs:956 at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x0029b] in /Users/builder/jenkins/workspace/xamarin-macios/xamarin-macios/external/mono/mcs/class/System.Net.Http/MonoWebRequestHandler.cs:485 }

Answer 1

I have a problem using HttpClientHandler, when I use a new instantiated API calls are considered unreliable, when using native this does not happen, does anyone know what may be happening?

According to Managed section of TLS of iOS and Mac Managed implementation of HttpClient:

It is not fully integrated with the Apple OSes and is limited to TLS 1.0. It may not be able to connect to secure web servers or cloud services in the future.

And according to Transport Layer Security (TLS) 1.2:

April, 2018 – Due to increased security requirements, including PCI compliance, major cloud providers and web servers are expected to stop supporting TLS versions older than 1.2. Xamarin projects created in previous versions of Visual Studio default to use older versions of TLS.

So the native implementation of HttpClient should always be used instead of managed way to support TLS1.2+.