{"id":46580099,"url":"https://github.com/zitchcode/securehttpclient","last_synced_at":"2026-03-07T11:01:24.634Z","repository":{"id":52292034,"uuid":"71000802","full_name":"ZitchCode/SecureHttpClient","owner":"ZitchCode","description":"Cross-platform HttpClientHandler with TLS1.2 and Certificate Pinning","archived":false,"fork":false,"pushed_at":"2026-02-05T09:28:20.000Z","size":784,"stargazers_count":42,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-02-05T20:59:59.154Z","etag":null,"topics":["android","c-sharp","certificate-pinning","dotnet","httpclient","ios","maui","security","tls","xamarin"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ZitchCode.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["zitchcode"]}},"created_at":"2016-10-15T16:50:11.000Z","updated_at":"2026-02-05T09:28:24.000Z","dependencies_parsed_at":"2026-01-08T12:06:16.699Z","dependency_job_id":null,"html_url":"https://github.com/ZitchCode/SecureHttpClient","commit_stats":{"total_commits":359,"total_committers":4,"mean_commits":89.75,"dds":0.03899721448467963,"last_synced_commit":"2c518c2a7a62a881654982e49989a41b51e6243e"},"previous_names":["zitchcode/securehttpclient","tranb3r/securehttpclient"],"tags_count":70,"template":false,"template_full_name":null,"purl":"pkg:github/ZitchCode/SecureHttpClient","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZitchCode%2FSecureHttpClient","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZitchCode%2FSecureHttpClient/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZitchCode%2FSecureHttpClient/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZitchCode%2FSecureHttpClient/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ZitchCode","download_url":"https://codeload.github.com/ZitchCode/SecureHttpClient/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ZitchCode%2FSecureHttpClient/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30212103,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T09:02:10.694Z","status":"ssl_error","status_checked_at":"2026-03-07T09:02:08.429Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","c-sharp","certificate-pinning","dotnet","httpclient","ios","maui","security","tls","xamarin"],"created_at":"2026-03-07T11:01:05.949Z","updated_at":"2026-03-07T11:01:24.629Z","avatar_url":"https://github.com/ZitchCode.png","language":"C#","readme":"# SecureHttpClient\n\nSecureHttpClient is a dotnet cross-platform HttpClientHandler library, with additional security features.\n\n## Features\n\n| Feature | Android | iOS | Windows |\n| ---: | :---: | :---: | :---: |\n| Certificate pinning | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n| TLS 1.2+ | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n| HTTP/2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n| Compression (gzip / deflate / br) | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n| Client certificates | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n| Headers ordering | :white_check_mark: | :x: | :x: |\n| Cookies | :white_check_mark: | :white_check_mark: | :white_check_mark: |\n\n## Installation\n\n[![NuGet](https://img.shields.io/nuget/v/SecureHttpClient)](https://www.nuget.org/packages/SecureHttpClient/)\n\nThe most recent version is available (and is tested) on the following platforms:\n- Android 8-16.1 (API 26-36.1)\n- iOS 26.1\n- .net 10.0\n\nOlder versions support older frameworks (but they are not maintained anymore):\n- v2.3: net9.0 (android / ios / windows)\n- v2.2: net8.0 (android / ios / windows)\n- v2.1: net7.0 (android / ios / windows)\n- v2.0: net6.0 (android / ios / windows)\n- v1.x: MonoAndroid ; Xamarin.iOS ; NetStandard\n\n## Basic usage\n\nBasic usage is similar to using `System.Net.Http.HttpClientHandler`.\n```csharp\n// create the SecureHttpClientHandler\nvar secureHttpClientHandler = new SecureHttpClientHandler(null);\n\n// create the HttpClient\nvar httpClient = new HttpClient(secureHttpClientHandler);\n\n// example of a simple GET request\nvar response = await httpClient.GetAsync(\"https://www.github.com\");\nvar html = await response.Content.ReadAsStringAsync();\n```\n\n## Certificate pining\n\n### Usage\n\nAfter creating a `SecureHttpClientHandler` object, call `AddCertificatePinner` to add one or more certificate pinner.\n\nThe request will fail if the certificate pin is not correct.\n\n```csharp\n// create the SecureHttpClientHandler\nvar secureHttpClientHandler = new SecureHttpClientHandler(null);\n\n// add certificate pinner\nsecureHttpClientHandler.AddCertificatePinner(\"www.github.com\", [\"sha256/YH8+l6PDvIo1Q5o6varvw2edPgfyJFY5fHuSlsVdvdc=\"]);\n\n// create the HttpClient\nvar httpClient = new HttpClient(secureHttpClientHandler);\n\n// example of a simple GET request\nvar response = await httpClient.GetAsync(\"https://www.github.com\");\nvar html = await response.Content.ReadAsStringAsync();\n```\n\n### Domain patterns\n\n`SecureHttpClient` behaves the same as `OkHttp`: pinning is per-hostname and/or per-wildcard pattern.\n\nTo pin both `example.com` and `www.example.com` you must configure both hostnames. Or you may use patterns to match sets of related domain names. The following forms are permitted:\n- Full domain name: you may pin an exact domain name like `www.example.com`. It won't match additional prefixes (`abc.www.example.com`) or suffixes (`example.com`).\n- Any number of subdomains: Use two asterisks like `**.example.com` to match any number of prefixes (`abc.www.example.com`, `www.example.com`) including no prefix at all (`example.com`). For most applications this is the best way to configure certificate pinning.\n- Exactly one subdomain: Use a single asterisk like `*.example.com` to match exactly one prefix (`www.example.com`, `api.example.com`). Be careful with this approach as no pinning will be enforced if additional prefixes are present, or if no prefixes are present.\n\nNote that any other form is unsupported. You may not use asterisks in any position other than the leftmost label.\n\nIf multiple patterns match a hostname, any match is sufficient. For example, suppose pin A applies to *.example.com and pin B applies to `api.example.com`. Handshakes for `api.example.com` are valid if either A's or B's certificate is in the chain.\n\n### Compute the pin\n\nIn order to compute the pin (SPKI fingerprint of the server's SSL certificate), you can execute the following command (here for `www.github.com` host):\n```shell\nopenssl s_client -connect www.github.com:443 -servername www.github.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64\n```\n\nYou can also use the C# helpers available in SecureHttpClient:\n```csharp\nvar certificate = CertificateHelper.GetCertificate(\"www.github.com\");\nvar spkiFingerprint = CertificateHelper.GetSpkiFingerprint(certificate);\nConsole.Writeline(spkiFingerprint);\n```\n\n## Cookies and Redirect\n\nSecureHttpClient handles cookies and redirects, but the behavior can differ a bit from one platform to another, because of different implementations in the native libraries used internally.\n\nFor strictly identical behavior between platforms, it's recommended to use [Flurl](https://github.com/tmenier/Flurl) on top of SecureHttpClient, and let it handle cookies and redirects.\n\n```csharp\n// create the SecureHttpClientHandler\nvar secureHttpClientHandler = new SecureHttpClientHandler(null);\n\n// disable redirect and cookies management in this handler\nsecureHttpClientHandler.AllowAutoRedirect = false;\nsecureHttpClientHandler.UseCookies = false;\n\n// create the FlurlClient and CookieSession, they will manage redirect and cookies\nvar httpClient = new HttpClient(secureHttpClientHandler);\nvar flurlClient = new FlurlClient(httpClient);\nvar flurlSession = new CookieSession(flurlClient);\n\n// example of a simple GET request using Flurl\nvar html = await flurlSession\n    .Request(\"https://www.github.com\")\n    .GetStringAsync();\n```\n\n## Advanced usage\n\nFor more advanced usage (logging, client certificates, cookies ordering...), have a look into the SecureHttpClient.Test folder for more code examples.\n","funding_links":["https://github.com/sponsors/zitchcode"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzitchcode%2Fsecurehttpclient","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzitchcode%2Fsecurehttpclient","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzitchcode%2Fsecurehttpclient/lists"}