Custom Xamarin apps: Guidance following CA Change

Problem statement

The Android implementation suddenly stopped working, returning a response with Status Code 0.

Symptoms

  • Custom implementation for a Xamarin app (not using our Xamarin SDK) AND
  • pinning old expired certificates OR
  • using a platform with an outdated certificate manager that is not accepting the new CA OR
  • using an old version of OpenSSL (< 1.1.0 could have this issue).

Cause

The Cloudflare CA switched from DigiCert to Let’s Encrypt.

Solution

The easiest solution is to use AndroidClientHandler. With it, Xamarin should use Android’s SSL library, which supports the Let’s Encrypt certificate with the new root up to Android 4.1.

Project-wide configuration

The recommended way is to set the AndroidClientHandler globally:
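
One way to express the project-wide setting, as an added example that is not from the original page: the AndroidHttpClientHandlerType MSBuild property in the Android app project's .csproj file. The enclosing Project element is abbreviated here and stands in for your existing project file.

```xml
<!-- Android app project file (.csproj): only the relevant fragment is shown. -->
<Project>
  <PropertyGroup>
    <!-- Every HttpClient created without an explicit handler now goes through
         Android's own TLS stack and trust store instead of the managed handler. -->
    <AndroidHttpClientHandlerType>Xamarin.Android.Net.AndroidClientHandler</AndroidHttpClientHandlerType>
  </PropertyGroup>
</Project>
```

An HttpClient constructed with an explicitly supplied handler ignores this property, so custom code that passes its own handler still needs to be changed at the call site.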

Programmatic configuration

If you wish to set this programmatically, set the SDK’s BackchannelHandler to a new Xamarin.Android.Net.AndroidClientHandler():

    // Send the SDK's back-channel HTTP calls through Android's native TLS stack.
    var options = new Auth0ClientOptions()
    {
        BackchannelHandler = new Xamarin.Android.Net.AndroidClientHandler()
    };
    var client = new Auth0Client(options);

Regardless of approach, we encourage reading through “HttpClient Stack and SSL/TLS Implementation Selector for Android - Xamarin” on Microsoft Learn, as it contains useful information about TLS 1.2 on Android when using Xamarin.