I want to modify .NET's default ServerCertificateValidationCallback to validate as true some of my company's certificates, while keeping the default validation.
From what I can tell in the reference source this is where the callback comes into play:
    if (ServicePointManager.ServerCertificateValidationCallback != null)
    {
        useDefault = false;
        return ServicePointManager.ServerCertValidationCallback.
                                   Invoke(m_Request,
                                          certificate,
                                          chain,
                                          sslPolicyErrors);
    }

    if (useDefault)
        return sslPolicyErrors == SslPolicyErrors.None;

This means that the validation has already been performed, and to know whether it passes you just need to check the sslPolicyErrors argument. You would do this:
    ServicePointManager.ServerCertificateValidationCallback =
        (sender, certificate, chain, sslPolicyErrors) =>
            validCertificatesSerialNumbers.Contains(certificate.GetSerialNumberString())
            || (sslPolicyErrors == SslPolicyErrors.None);
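
A variant of the callback above that pins on the certificate's SHA-256 fingerprint instead of its serial number, since a serial number is chosen by the issuer and is only unique within that issuer. This is an added example, not part of the original answer; the class name, the `PinnedSha256` set and the fingerprint placeholder are assumptions, as is the choice to override only chain errors.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidation
{
    // Placeholder entry (assumption): replace with the SHA-256 fingerprints of the
    // company certificates you want to accept, as hex without separators.
    static readonly HashSet<string> PinnedSha256 =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA-256 fingerprint of a company certificate>"
        };

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // The default validation has already run; None means it passed.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        if (certificate == null)
            return false;

        // Design choice of this example: a pin may only override an untrusted
        // chain. A name mismatch or a missing certificate still fails.
        if (sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // Hash the full DER encoding, so the pin matches one exact certificate.
        return PinnedSha256.Contains(Sha256Hex(certificate.GetRawCertData()));
    }

    static string Sha256Hex(byte[] data)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }

    public static void Install()
    {
        // Process-wide: applies to every HttpWebRequest in the AppDomain.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```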