I suggest you ...

Support server SSL certificate chain inspection in Portable Class Libraries

As requested in http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/3158400-add-httpclient-support-in-portable-class-libraries there is now an HttpClient that can be used in Portable Class Libraries. The latest version of portable HttpClient today is 2.2.15 and it supports also SSL connections.

When a SSL connection is created, the HttpClient doesn't offer any way to inspect the x.509 certificate chain returned by the remote server. I want to implement certificate pinning for additional security in my app and therefore I need an API to read the values of individual x.509 certificates.

I've understood that this could be done in these frameworks:
- .NET FW 2.0 (or newer): using System.Net.ServicePointManager.ServerCertificateValidationCallback API (http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx)
- .NET FW 4.5 (or newer): using System.Net.Http.WebRequestHandler.ServerCertificateValidationCallback API (http://msdn.microsoft.com/en-us/library/system.net.http.webrequesthandler.servercertificatevalidationcallback.aspx)
- Windows runtime (8.1 onwards) : using APIs from Windows.Web.Http and Windows.Web.Http.Filfers namespaces (e.g. a custom filter assigned provided HttpClient that inspects certificate from request/response message HttpTransportInformation)

In particular, there seems to be no solution from Microsoft to do this in Windows Phone 8 platform (see http://stackoverflow.com/questions/17741740/read-ssl-certificate-details-on-wp8).

Now, given all these APIs already available in .NET FW or Windows Runtime, could we please get the support for inspecting the details of the server certificate chain directly from Portable Class Library? If you would implement this, I would be able to do certificate pinning in a Windows Phone 8 app and the portable library could work also on other .NET platforms.

267 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jani LirkkiJani Lirkki shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    7 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • JayJay commented  ·   ·  Flag as inappropriate

        we are also searching for Certificate Pinning on WP8 but still no luck....if have any details then please share

      • AnonymousAnonymous commented  ·   ·  Flag as inappropriate

        It would be really great if we could get support for HttpClient certificate handling to use it for certificate pinning.

      • DD commented  ·   ·  Flag as inappropriate

        Totally agree, WP is the only mobile platform not supporting SSL pinning, which makes it just unfeasible and way less secure than the other dominant mobile platforms ... missed chance.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I think this is seriously needed because there's a major threat of MiTM and CA compromise.

      Feedback and Knowledge Base