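/// <summary>
/// Remote-certificate validation callback for the TLS handshake with the broker.
/// </summary>
/// <remarks>
/// If <c>ServerCertificateValidateCallback</c> is set, the decision is delegated to it and
/// any exception it throws propagates to the caller. Otherwise the certificate is accepted
/// when no policy errors remain. A name mismatch is forgiven only when the certificate's
/// subject name equals the configured <c>ServerName</c> exactly. With any remaining policy
/// error the result is <c>AcceptInvalidBrokerCert</c>.
/// </remarks>
/// <param name="sender">Passed through unchanged to the application callback.</param>
/// <param name="certificate">Certificate presented by the remote peer; may be null.</param>
/// <param name="chain">Chain built for <paramref name="certificate"/>; only read for debug tracing here.</param>
/// <param name="sslPolicyErrors">Policy errors reported for the certificate.</param>
/// <returns>True to accept the remote certificate, false to reject it.</returns>
protected bool ContextServerCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (Tracer.IsDebugEnabled)
    {
        X509Certificate2 cert = certificate as X509Certificate2;
        string name = cert != null ? cert.SubjectName.Name : null;

        Tracer.DebugFormat("Cert DN {0}; Cert Subject {1}; Cert Issuer {2}; SSLPolicyErrors [{3}]",
            name,
            certificate?.Subject ?? "null",
            certificate?.Issuer ?? "null",
            sslPolicyErrors.ToString());

        try
        {
            X509VerificationFlags verFlags = chain.ChainPolicy.VerificationFlags;
            X509RevocationMode revMode = chain.ChainPolicy.RevocationMode;
            X509RevocationFlag revFlags = chain.ChainPolicy.RevocationFlag;

            StringBuilder sb = new StringBuilder();
            sb.Append("ChainStatus={");
            int size = sb.Length;
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                X509ChainStatusFlags csflags = status.Status;
                sb.AppendFormat("Info={0}; flags=0x{1:X}; flagNames=[{2}]", status.StatusInformation, csflags, csflags.ToString());
                sb.Append(", ");
            }
            // Drop the trailing ", " separator if at least one status entry was written.
            if (size != sb.Length)
            {
                sb.Remove(sb.Length - 2, 2);
            }
            sb.Append("}");

            Tracer.DebugFormat("X.509 Cert Chain, Verification Flags {0:X} {1}, Revocation Mode {2}, Revocation Flags {3}, Status {4} ",
                verFlags, verFlags.ToString(), revMode.ToString(), revFlags.ToString(), sb.ToString());
        }
        catch (Exception ex)
        {
            // Tracing is best effort (e.g. chain may be null); it must never decide the outcome.
            Tracer.ErrorFormat("Error displaying Remote Cert fields. Cause: {0}", ex);
        }
    }

    bool? valid = null;
    if (ServerCertificateValidateCallback != null)
    {
        try
        {
            if (Tracer.IsDebugEnabled)
            {
                Tracer.DebugFormat("Calling application callback for Remote Certificate Validation.");
            }
            valid = ServerCertificateValidateCallback(sender, certificate, chain, sslPolicyErrors);
        }
        catch (Exception ex)
        {
            Tracer.InfoFormat("Caught Exception from application callback for Remote Certificate Validation. Exception : {0}", ex);
            // Rethrow with "throw;" so the callback's original stack trace is preserved.
            throw;
        }
    }
    else
    {
        bool nameMismatch = (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch;
        if (nameMismatch && !String.IsNullOrWhiteSpace(this.ServerName))
        {
            // Forgive the mismatch only on an exact name match. A substring search for
            // "CN=<ServerName>" in the subject string would also accept any certificate whose
            // CN merely begins with ServerName, or whose other attributes contain that text.
            if (SubjectCommonNameEquals(certificate, this.ServerName))
            {
                sslPolicyErrors &= ~(SslPolicyErrors.RemoteCertificateNameMismatch);
            }
        }

        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            valid = true;
        }
        else
        {
            // certificate is null when the peer presented none; do not dereference it here.
            Tracer.WarnFormat("SSL certificate {0} validation error : {1}", certificate?.Subject ?? "null", sslPolicyErrors.ToString());
            // With AcceptInvalidBrokerCert set, a certificate that failed validation is still
            // accepted, so the broker is not authenticated; the warning above is the only trace.
            valid = this.AcceptInvalidBrokerCert;
        }
    }

    return valid ?? this.AcceptInvalidBrokerCert;
}

/// <summary>
/// Returns true when the certificate's subject simple name equals <paramref name="expectedName"/>
/// (case-insensitive, ordinal). Returns false for a null certificate or an unreadable subject.
/// </summary>
/// <remarks>
/// NOTE(review): the simple name is normally the subject CN; confirm what the platform returns
/// for subjects without a CN. Subject alternative names are not consulted here.
/// </remarks>
private static bool SubjectCommonNameEquals(X509Certificate certificate, string expectedName)
{
    if (certificate == null)
    {
        return false;
    }

    X509Certificate2 existing = certificate as X509Certificate2;
    X509Certificate2 cert = existing ?? new X509Certificate2(certificate);
    try
    {
        // Read the name from the parsed subject rather than from its display string.
        string simpleName = cert.GetNameInfo(X509NameType.SimpleName, false);
        return string.Equals(simpleName, expectedName, StringComparison.OrdinalIgnoreCase);
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // An unreadable subject is treated as "no match", leaving the name-mismatch error in place.
        return false;
    }
    finally
    {
        // Only dispose the wrapper created here, never the caller's certificate.
        if (existing == null)
        {
            cert.Dispose();
        }
    }
}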