Open Closed

Ssl connection cound not be established on Maui #4575


User avatar
0
alin.berce created
  • ABP Framework version: v6
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

I'll do my best to explain the situation:

  • apb app using openiddict
  • the app has been published on azure
  • in order to publis the app, two certificates have been generated, one for encryption and one for signing. These certificates were added on PreConfigure<OpenIddictServerBuilder>. These certificates are added on azure
  • have the maui app, migrated to .net 7, connect in two ways: by doing a normal httpClient.PostAsync and by calling an injected app service

Result:

  • when running the android app on devices with android 10,11,13 -> everything works as expected
  • where running the android app on emulators with android 7,8 -> it doesn't work. Here are the exceptions:

The SSL connection could not be established, see inner exception

digging deeper into the inner exception I get:

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception

digging deeper into the inner exception again I get:

Interiop+AndroidCrypto+SslException: Exception of type Interiop+AndroidCrypto+SslException was thrown and this happens at System.Net.Security.SslStream<ForceAuthenticationAsync>

Why does it work on some android versions and not on others? Does it have something to do with the genereated self signed certificates? How can I make it work? Thank you for your time


4 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I think it looks like a problem with MAUI: https://github.com/dotnet/maui/issues/9400, https://github.com/dotnet/runtime/issues/74292

  • User Avatar
    0
    alin.berce created

    Thank you for the links. The thing is, I need the app to work. Curiously enough, on an android 10 device it doesn't work also. Is it possible to deploy abp to azure with openiddict without the need to have self signed certificates? I believe all this is because of these certificates. Because as it is, basically the MAUI app is useless...\

    I have noticed something in the output:

    java.lang.IllegalStateException: Handshake has already been started at com.android.org.conscrypt.OenSSLEngineImpl.beginHandshakeInternal(OpenSSLEndingeImpl.hava:335)

    Later edit: From preliminary testing, it seems that upgrading Visual Studio to the new version, which probably updated also .net 7 fixes the problem. Will do further testing in the following days.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    ok

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Is it possible to deploy abp to azure with openiddict without the need to have self signed certificates?

    I think there is this way, but we don't recommend you to do it in production

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15