Problem statement
Cloudflare will introduce new Certificate Authorities (CAs) for signing their certificates, which may affect some Xamarin applications that are pinning old expired certificates. Platforms with an outdated certificate manager that does not accept the new CA, and/or that use an old version of OpenSSL (< 1.1.0), could have this issue.
Symptoms
Xamarin applications using the BoringSSL library may encounter errors accessing the tenant. Here are the details.
Solution
The easiest solution here is using AndroidClientHandler. This should use Android’s SSL library with Xamarin, which supports the LetsEncrypt cert with the new root all the way up to Android 4.1.
Project-wide configuration
The recommended way is to set the AndroidClientHandler globally:
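As an added example (not taken from the original article), the project-wide setting can be written into the Android app's .csproj using Xamarin.Android's AndroidHttpClientHandlerType MSBuild property. Placing it in an unconditioned PropertyGroup is an assumption made here so that it applies to every build configuration.

```xml
<!-- Added example: goes in the Xamarin.Android application project (.csproj). -->
<!-- Assumption: an unconditioned PropertyGroup, so Debug and Release builds -->
<!-- both pick up the handler. If the project already sets this property     -->
<!-- inside a Condition="..." group, change it there for each configuration. -->
<PropertyGroup>
  <!-- Makes HttpClient instances created without an explicit handler use  -->
  <!-- the native Android HTTP/TLS stack and the OS trust store instead of -->
  <!-- the managed handler.                                                -->
  <AndroidHttpClientHandlerType>Xamarin.Android.Net.AndroidClientHandler</AndroidHttpClientHandlerType>
</PropertyGroup>
```

This is the same setting that Visual Studio exposes as "HttpClient implementation" in the project's Android options.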
Programmatic configuration
If you wish to set this programmatically, you need to ensure you set the SDK’s BackchannelHandler option to new Xamarin.Android.Net.AndroidClientHandler():
using Auth0.OidcClient;

// Route the SDK's back-channel HTTP calls through Android's native TLS stack.
var options = new Auth0ClientOptions() {
    BackchannelHandler = new Xamarin.Android.Net.AndroidClientHandler()
};
var client = new Auth0Client(options);
Regardless of approach, we encourage reading through "HttpClient Stack and SSL/TLS Implementation Selector for Android - Xamarin", as it contains useful information about TLS 1.2 on Android when using Xamarin.