void GenericHandlerSignature()
{
var httpHandler = new System.Net.Http.HttpClientHandler();
httpHandler.ServerCertificateCustomValidationCallback += InvalidValidation;
var ShouldNotTrigger = new NonrelatedSignatureType();
ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => true;
ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => false;
}
void GenericHandlerSignature()
{
var httpHandler = new System.Net.Http.HttpClientHandler(); //This is not RemoteCertificateValidationCallback delegate type, but Func<...>
httpHandler.ServerCertificateCustomValidationCallback += InvalidValidation; //Noncompliant [flow9]
//Generic signature check without RemoteCertificateValidationCallback
var ShouldTrigger = new RelatedSignatureType();
ShouldTrigger.Callback += InvalidValidation; //Noncompliant [flow10]
ShouldTrigger.Callback += CompliantValidation;
var ShouldNotTrigger = new NonrelatedSignatureType();
ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => true; //Compliant, because signature types are not in expected order for validation
ShouldNotTrigger.Callback += (sender, chain, certificate, SslPolicyErrors) => false;
}
