protected bool ContextServerCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (Tracer.IsDebugEnabled)
{
string name = null;
if (certificate is X509Certificate2)
{
X509Certificate2 cert = certificate as X509Certificate2;
name = cert.SubjectName.Name;
}
Tracer.DebugFormat("Cert DN {0}; Cert Subject {1}; Cert Issuer {2}; SSLPolicyErrors [{3}]", name, certificate?.Subject ?? "null", certificate?.Issuer ?? "null", sslPolicyErrors.ToString());
try
{
X509VerificationFlags verFlags = chain.ChainPolicy.VerificationFlags;
X509RevocationMode revMode = chain.ChainPolicy.RevocationMode;
X509RevocationFlag revFlags = chain.ChainPolicy.RevocationFlag;
StringBuilder sb = new StringBuilder();
sb.Append("ChainStatus={");
int size = sb.Length;
foreach (X509ChainStatus status in chain.ChainStatus)
{
X509ChainStatusFlags csflags = status.Status;
sb.AppendFormat("Info={0}; flags=0x{1:X}; flagNames=[{2}]", status.StatusInformation, csflags, csflags.ToString());
sb.Append(", ");
}
if (size != sb.Length)
{
sb.Remove(sb.Length - 2, 2);
}
sb.Append("}");
Tracer.DebugFormat("X.509 Cert Chain, Verification Flags {0:X} {1}, Revocation Mode {2}, Revocation Flags {3}, Status {4} ",
verFlags, verFlags.ToString(), revMode.ToString(), revFlags.ToString(), sb.ToString());
}
catch (Exception ex)
{
Tracer.ErrorFormat("Error displaying Remote Cert fields. Cause: {0}", ex);
}
}
bool?valid = null;
if (ServerCertificateValidateCallback != null)
{
try
{
if (Tracer.IsDebugEnabled)
{
Tracer.DebugFormat("Calling application callback for Remote Certificate Validation.");
}
valid = ServerCertificateValidateCallback(sender, certificate, chain, sslPolicyErrors);
}
catch (Exception ex)
{
Tracer.InfoFormat("Caught Exception from application callback for Remote Certificate Validation. Exception : {0}", ex);
throw ex;
}
}
else
{
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch &&
!String.IsNullOrWhiteSpace(this.ServerName))
{
if (certificate.Subject.IndexOf(string.Format("CN={0}",
this.ServerName), StringComparison.InvariantCultureIgnoreCase) > -1)
{
sslPolicyErrors &= ~(SslPolicyErrors.RemoteCertificateNameMismatch);
}
}
if (sslPolicyErrors == SslPolicyErrors.None)
{
valid = true;
}
else
{
Tracer.WarnFormat("SSL certificate {0} validation error : {1}", certificate.Subject, sslPolicyErrors.ToString());
valid = this.AcceptInvalidBrokerCert;
}
}
return(valid ?? this.AcceptInvalidBrokerCert);
}
