Comments (3)
I came across an issue related to Xamarin-Android on GitHub link provided and it suggested a solution. You can try adding the following code to your app to see if it resolves the problem:
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; }; //no SSL check needed yet
You can customize the return statement with your own verification codes later. If this helps to solve the issue, please let me know so that I can update the library accordingly. Thank you.
from downloader.
Hi, That two lines you found you found are not sufficient: it doesn't set a global SSL handler that will be used transparently by the whole application.
I am already using that technique in other parts of my app that are communicating with the same server (it is also a rest server), but the client handler created that way needs to be explicitly used for constructing the HttpClient instance you are going to use: this is taken from my working code (simplified a little bit)
public static HttpClient CreateHttpClient()
{
var handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback += MyInternalValidateCertificate;
result = new HttpClient(handler); // the handler has effect only for HttpClients created this way
}
I think (this is my personal interpretation) that the whole point is that they removed any global callback that can be used to disable application-wide SSL certificate checking, because it is a serious security threat that can be exploited by any public library you add to your application.
For example even your Downloader library actually is a security threat because it makes, application-wide, any self signed certificate a valid certificate. My application is also used to accept credit card payments (it is used also as a mobile pos) and actually, after Downloader gets instantiated at least once, I get installed a validation algorithm that blindly trust any self signed certificate. This means that from this moment any malicious server could impersonate the payment gateway of a bank by simply using a self signed certificate.
Because of this, I tried to change your library in order to make me decide when and IF to use a custom validation callback, by removing the one included in ExceptionHelper and adding a dedicated property to downloader configuration. It is not that complicated, these are the changes I had to do:
// this one in Request.cs
private HttpWebRequest GetRequest(string method)
{
HttpWebRequest request = WebRequest.CreateHttp(Address);
if (_configuration.ServerCertificateValidationCallback != null) // << this code
request.ServerCertificateValidationCallback = +_configuration.ServerCertificateValidationCallback; << this code
// and this one in RequestConfiguration.cs
...
public RemoteCertificateValidationCallback ServerCertificateValidationCallback { get; set; }
....
This does the trick, at least for windows apps, but still doesn't work under android.
I think that the problem is that HttpWebRequest is now deprecated and they are not supporting this feature under Android, since it should all be reimplemented using HttpClient...
For the moment I gave up using Downloader, and I just implemented the resuming of the partial dowload myself (I didn't really neead parallel chunked download, even if it was nice to have).
I will wait for a version of Downloader that uses HttpClient, since I have seen it is already in your to-do list.
I think that in your HttpClient version you should provide a "CreateHttpClient" callback, so users will be able to implement an handler callback that creates a client using their own HttplClientHandler.
Thank you and have a nice day. Excellent work anyway.
from downloader.
Yes @csm101, I trying to move the Downloader to the use of HttpClient
. This is in progress and will be completed as soon as
possible. Thanks for your feedback.
from downloader.
Related Issues (20)
- The calling thread cannot access this object because another thread owns it HOT 1
- Chunk displaying no progress yet still downloads. HOT 1
- No error when server responds with 404 HOT 1
- Occasional resume error and inaccurate download progress HOT 2
- Whether the download can be resumed from where the last download was not completed HOT 3
- ipv6 Download error the ssl connection could not be established, see inner exception HOT 2
- RobiniaDocs API Explorer
- how to download stream or api link?
- Large file download blocks other download tasks. HOT 3
- Attempting to download the same file to the local directory with same name doesnt overwrite/replace HOT 2
- Downloader support socks5 proxy HOT 3
- getting error when download completed! HOT 11
- The 67th Line in this file“Downloader/src/Downloader /ChunkDownloader.cs ” is not need HOT 1
- The CancelTaskAsync interface of IDownloadService causes the program to freeze. HOT 1
- Inquiry Regarding Repository Usage for Efficient Download of Small Files in .NET HOT 1
- I need to implement happy eyeballs for IPV4 IPV6 dual stack protocol HOT 2
- Resume download after restart program
- DownloadStatus is Failed but no exception is thrown HOT 2
- README is a bit misleading about Content-Length for getting file length HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from downloader.