2023-05-03 11:06:20 +02:00
== Why is this an issue?
2020-06-30 14:41:58 +02:00
include::../description.adoc[]
2023-05-03 11:06:20 +02:00
=== Noncompliant code example
2020-06-30 14:41:58 +02:00
2022-02-04 17:28:24 +01:00
[source,csharp]
2020-06-30 14:41:58 +02:00
----
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, errors) => {
return true; // Noncompliant: trust all certificates
};
----
2023-05-03 11:06:20 +02:00
=== Compliant solution
2020-06-30 14:41:58 +02:00
2022-02-04 17:28:24 +01:00
[source,csharp]
2020-06-30 14:41:58 +02:00
----
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, errors) =>
{
if (development) return true; // for development, trust all certificates
return errors == SslPolicyErrors.None
&& validCerts.Contains(certificate.GetCertHashString()); // Compliant: trust only some certificates
};
----
include::../see.adoc[]
2021-06-02 20:44:38 +02:00
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
2021-09-20 15:38:42 +02:00
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
2023-05-25 14:18:12 +02:00
=== Highlighting
Primary: The update of ``++ServerCertificateValidationCallback++``
Secondary: The ``++return true++`` of the function accepting every certificate
* message "This function trusts all certificates."
2021-09-20 15:38:42 +02:00
2021-06-08 15:52:13 +02:00
'''
2021-06-02 20:44:38 +02:00
== Comments And Links
(visible only on this page)
2023-05-25 14:18:12 +02:00
=== on 29 Oct 2019, 11:20:05 Alexandre Gigleux wrote:
Reference: \https://khalidabuhakmeh.com/validating-ssl-certificates-with-dotnet-servicepointmanager
=== on 6 Nov 2019, 17:18:01 Pavel Mikula wrote:
Few more occurrances of certificate validation procedure:
https://docs.microsoft.com/en-us/dotnet/api/system.net.httpwebrequest.servercertificatevalidationcallback?view=netframework-4.8
https://docs.microsoft.com/en-us/dotnet/api/system.net.http.httpclienthandler.servercertificatecustomvalidationcallback?view=netframework-4.8
https://docs.microsoft.com/en-us/dotnet/api/system.net.websockets.clientwebsocketoptions.remotecertificatevalidationcallback?view=netcore-3.0
https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.remotecertificatevalidationcallback?view=netcore-3.0
And as constructor parameter here:
https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.-ctor?view=netframework-4.8
=== on 29 Oct 2020, 16:15:06 Marcos Giurni wrote:
The is an error in the compliant solution. The logical operator must be || instead of &&.
_return errors == SslPolicyErrors.None_
_{color:#de350b}||{color} validCerts.Contains(certificate.GetCertHashString());_
Thus, the validation callback will return true if there are no errors (errors == SslPolicyErrors.None) OR if, even with an error, the certificate is in the valid list.
=== on 29 Oct 2020, 16:36:19 Pavel Mikula wrote:
\[~mgiurni] There's ``++"trust only some certificates"++`` comment explaining the intention. The validation checks normal errors and from all environment-level trusted certificates it trusts only few selected ones. Probably those that are relevant to given context for extra security.
I think the example is correct and we should not promote trusting expired or invalid certificates.
include::../comments-and-links.adoc[]
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
