Xamarin on Android: Bypass SSL Verification With HttpClient

To disable SSL verification while making HTTP calls with System.Net.Http.HttpClient in a Xamarin app on Android, you need to supply a SSLSocketFactory and a custom implementation of HostnameVerifier with all checks disabled. To do this, you’ll need to  subclass AndroidClientHandler and override the appropriate methods.

Without further ado, here’s the code:

internal class BypassHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
    public bool Verify(string hostname, ISSLSession session)
    {
        return true;
    }
}

internal class BypassSslValidationClientHandler : AndroidClientHandler
{
    protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
    {
        return SSLCertificateSocketFactory.GetInsecure(1000, null);
    }

    protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
    {
        return new BypassHostnameVerifier();
    }
}

Then use the BypassSslValidationClientHandler with your HttpClient:

var handler = new BypassSslValidationClientHandler();
var httpClient = new System.Net.Http.HttpClient(handler);
var html = await httpClient.GetStringAsync("https://192.168.0.10:12345");

Freelance full-stack .NET and JS developer and architect. Located near Cologne, Germany.

1 thought on “Xamarin on Android: Bypass SSL Verification With HttpClient

Leave a Reply

Your email address will not be published. Required fields are marked *