To disable SSL verification while making HTTP calls with System.Net.Http.HttpClient in a Xamarin app on Android, you need to supply a SSLSocketFactory and a custom implementation of HostnameVerifier with all checks disabled. To do this, you’ll need to subclass AndroidClientHandler and override the appropriate methods.
Without further ado, here’s the code:
internal class BypassHostnameVerifier : Java.Lang.Object, IHostnameVerifier { public bool Verify(string hostname, ISSLSession session) { return true; } } internal class BypassSslValidationClientHandler : AndroidClientHandler { protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection) { return SSLCertificateSocketFactory.GetInsecure(1000, null); } protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection) { return new BypassHostnameVerifier(); } }
Then use the BypassSslValidationClientHandler with your HttpClient:
var handler = new BypassSslValidationClientHandler(); var httpClient = new System.Net.Http.HttpClient(handler); var html = await httpClient.GetStringAsync("https://192.168.0.10:12345");
2 years later and you, sir, are my hero.