Add test for NoMissingCertificateHandling opt-out switch

rolfbjarne · Copilot · rolfbjarne · commit 4e047fdcb34e · 2026-03-27T15:37:33.000+01:00
Verifies that when the Foundation.NSUrlSessionHandler.NoMissingCertificateHandling
switch is enabled, the specific SecureChannelFailure exception is not thrown.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/tests/monotouch-test/System.Net.Http/MessageHandlers.cs b/tests/monotouch-test/System.Net.Http/MessageHandlers.cs
@@ -766,6 +766,36 @@ public void TestNSUrlSessionHandlerDetectMissingClientCertificate ()
 			}
 		}
 
+		[Test]
+		public void TestNSUrlSessionHandlerDetectMissingClientCertificateOptOut ()
+		{
+			AppContext.TryGetSwitch ("Foundation.NSUrlSessionHandler.NoMissingCertificateHandling", out var originalValue);
+			NWListener? listener = null;
+			try {
+				AppContext.SetSwitch ("Foundation.NSUrlSessionHandler.NoMissingCertificateHandling", true);
+				listener = CreateNWTlsListener (requireClientCert: true);
+				var port = listener.Port;
+
+				var done = TestRuntime.TryRunAsync (TimeSpan.FromSeconds (30), async () => {
+					using var handler = new NSUrlSessionHandler ();
+					handler.TrustOverrideForUrl = (sender, url, trust) => true;
+					using var client = new HttpClient (handler);
+					await client.GetAsync ($"https://localhost:{port}/");
+				}, out var ex);
+				Assert.IsTrue (done, "Request to localhost timed out.");
+				// With the opt-out switch enabled, the new specific exception is not thrown.
+				// Instead we get a generic connection error (no WebException/AuthenticationException chain).
+				Assert.IsNotNull (ex, "Exception was expected.");
+				Assert.IsInstanceOf (typeof (HttpRequestException), ex, "Exception");
+				if (ex!.InnerException is WebException we)
+					Assert.That (we.Status, Is.Not.EqualTo (WebExceptionStatus.SecureChannelFailure), "Should not be SecureChannelFailure");
+			} finally {
+				AppContext.SetSwitch ("Foundation.NSUrlSessionHandler.NoMissingCertificateHandling", originalValue);
+				listener?.Cancel ();
+				listener?.Dispose ();
+			}
+		}
+
 		static NWListener CreateNWTlsListener (bool requireClientCert)
 		{
 			using var serverCert = CreateSelfSignedServerCertificate ();
