WP8.1 async socket.ConnectAsync to SSL device "The signature of the certificate cannot be verified" - unable to ignore this error


I have researched a ton for how to establish a TCP/SSL connection from WP8.1 to a remote host (in this case an ELK Security System network interface).

I have found examples of being able to ignore some certificate errors by connecting, trapping the failure, and then setting up the IgnorableServerCertificateErrors collection.

However, when I connect to my ELK security network interface, I always get the error

{System.Exception: The signature of the certificate cannot be verified. (Exception from HRESULT: 0x80096004)

and it's marked as FATAL and not Ignorable.

I have been in contact with the Developer of the code that runs the ELK security network interface about their SSL implementation.

He says “the certificate is self-signed and is used only to share keys to encrypt the data, not as proof of identity. If ELK were to do that, every XEP would cost a lot more for a unique CA-signed certificate in it. You should try over-riding your certificate handling routine to accept any certificate the XEP sends. However, in the certificate header, you should see the words “Elk” and “M1XEP”. You could look for that to confirm it’s an XEP certificate.”

So basically I know the certificate will fail to be verified, but I need to ignore this and connect anyway.

Does anyone have any suggestions? My app is useless until I can get past this. Thanks! Chris

Code if you want to see it:

    try
    {
        await socket.ConnectAsync(hostName, Port.ToString(), SocketProtectionLevel.Ssl);
        return false;
    }
    catch (Exception exception)
    {
        // If this is an unknown status it means that the error is fatal and retry will likely fail.
        if (SocketError.GetStatus(exception.HResult) == SocketErrorStatus.Unknown)
        {
            UpdateSubLine("con-Error");
            return false;
        }

        // If the exception was caused by an SSL error that is ignorable we are going to prompt the user
        // with an enumeration of the errors and ask for permission to ignore.
        //

        if (socket.Information.ServerCertificateErrorSeverity != SocketSslErrorSeverity.Ignorable)
        {
            UpdateSubLine("con-Fatal");
            return false;
        }
    }

    socket.Control.IgnorableServerCertificateErrors.Clear();
    foreach (var ignorableError in socket.Information.ServerCertificateErrors)
    {
        socket.Control.IgnorableServerCertificateErrors.Add(ignorableError);
    }
    return true;
c#
ssl
windows-phone-8
asked on Stack Overflow Jun 6, 2015 by Chris Boar
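
An added example, not part of the original question and not the asker's or ELK's code: a self-signed device certificate can be accepted by pinning that one certificate's SHA-256 fingerprint instead of accepting any certificate the device sends. It assumes a .NET runtime that provides SslStream (not the WP8.1 StreamSocket API used in the question) and that the words "Elk" and "M1XEP" appear in the certificate subject; the names XepPinning, IsPinnedXep, Connect and PinnedSha256 are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class XepPinning
{
    // Placeholder: hex SHA-256 of the certificate (DER bytes) recorded from your own XEP over a trusted link.
    const string PinnedSha256 = "<HEX-SHA256-OF-YOUR-XEP-CERTIFICATE>";

    // Hypothetical helper: accept the certificate only if it is the exact one that was pinned.
    public static bool IsPinnedXep(byte[] der, string subject, string pinnedSha256)
    {
        if (der == null || der.Length == 0 || subject == null) return false;

        // Sanity check from the vendor's hint (assumed to refer to the subject). The subject is
        // chosen by whoever made the certificate, so it identifies nothing; the fingerprint does.
        bool looksLikeXep = subject.IndexOf("Elk", StringComparison.OrdinalIgnoreCase) >= 0
                         && subject.IndexOf("M1XEP", StringComparison.OrdinalIgnoreCase) >= 0;
        if (!looksLikeXep) return false;

        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(der)).Replace("-", "");
            return string.Equals(actual, pinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    // Assumes a .NET runtime with SslStream; host and port are supplied by the caller.
    public static SslStream Connect(string host, int port)
    {
        var tcp = new TcpClient(host, port);
        // The callback replaces chain validation: chain errors are expected for a self-signed
        // certificate, so the decision rests entirely on the pin.
        var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
                cert != null && IsPinnedXep(cert.GetRawCertData(), cert.Subject, PinnedSha256));
        try
        {
            ssl.AuthenticateAsClient(host); // throws AuthenticationException if the pin check fails
            return ssl;
        }
        catch
        {
            ssl.Dispose();
            tcp.Close();
            throw;
        }
    }
}
```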

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0