16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
95 lines
3.0 KiB
Plaintext
95 lines
3.0 KiB
Plaintext
== Why is this an issue?
|
|
|
|
include::../description.adoc[]
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,csharp]
|
|
----
|
|
ServicePointManager.ServerCertificateValidationCallback +=
|
|
(sender, certificate, chain, errors) => {
|
|
return true; // Noncompliant: trust all certificates
|
|
};
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,csharp]
|
|
----
|
|
ServicePointManager.ServerCertificateValidationCallback +=
|
|
(sender, certificate, chain, errors) =>
|
|
{
|
|
if (development) return true; // for development, trust all certificates
|
|
return errors == SslPolicyErrors.None
|
|
&& validCerts.Contains(certificate.GetCertHashString()); // Compliant: trust only some certificates
|
|
};
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
=== Highlighting
|
|
|
|
Primary: The update of ``++ServerCertificateValidationCallback++``
|
|
|
|
Secondary: The ``++return true++`` of the function accepting every certificate
|
|
|
|
* message "This function trusts all certificates."
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 29 Oct 2019, 11:20:05 Alexandre Gigleux wrote:
|
|
Reference: \https://khalidabuhakmeh.com/validating-ssl-certificates-with-dotnet-servicepointmanager
|
|
|
|
=== on 6 Nov 2019, 17:18:01 Pavel Mikula wrote:
|
|
Few more occurrances of certificate validation procedure:
|
|
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.net.httpwebrequest.servercertificatevalidationcallback?view=netframework-4.8
|
|
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.net.http.httpclienthandler.servercertificatecustomvalidationcallback?view=netframework-4.8
|
|
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.net.websockets.clientwebsocketoptions.remotecertificatevalidationcallback?view=netcore-3.0
|
|
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions.remotecertificatevalidationcallback?view=netcore-3.0
|
|
|
|
|
|
And as constructor parameter here:
|
|
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.-ctor?view=netframework-4.8
|
|
|
|
=== on 29 Oct 2020, 16:15:06 Marcos Giurni wrote:
|
|
The is an error in the compliant solution. The logical operator must be || instead of &&.
|
|
|
|
|
|
_return errors == SslPolicyErrors.None_
|
|
|
|
_{color:#de350b}||{color} validCerts.Contains(certificate.GetCertHashString());_
|
|
|
|
|
|
Thus, the validation callback will return true if there are no errors (errors == SslPolicyErrors.None) OR if, even with an error, the certificate is in the valid list.
|
|
|
|
=== on 29 Oct 2020, 16:36:19 Pavel Mikula wrote:
|
|
\[~mgiurni] There's ``++"trust only some certificates"++`` comment explaining the intention. The validation checks normal errors and from all environment-level trusted certificates it trusts only few selected ones. Probably those that are relevant to given context for extra security.
|
|
|
|
|
|
I think the example is correct and we should not promote trusting expired or invalid certificates.
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|