public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain) { ValidationResult res = certificateChain.Validate(commonName, 0); if (res.Valid) { return(TlsCertificateAcceptance.Accept); } ValidationStatus status = res.Status; ValidationStatus[] values = (ValidationStatus[])Enum.GetValues(typeof(ValidationStatus)); bool showAddIssuerCaToTrustedCaStore = false; StringBuilder sb = new StringBuilder(); for (int i = 0; i < values.Length; i++) { if ((status & values[i]) == 0) { continue; } status ^= values[i]; string problem; switch (values[i]) { case ValidationStatus.TimeNotValid: problem = "Server certificate has expired or is not valid yet."; break; case ValidationStatus.Revoked: problem = "Server certificate has been revoked."; break; case ValidationStatus.UnknownCa: problem = "Server certificate was issued by an unknown authority."; break; case ValidationStatus.RootNotTrusted: problem = "Server certificate was issued by an untrusted authority."; if (certificateChain.RootCertificate != null) { showAddIssuerCaToTrustedCaStore = true; } break; case ValidationStatus.IncompleteChain: problem = "Server certificate does not chain up to a trusted root authority."; break; case ValidationStatus.Malformed: problem = "Server certificate is malformed."; break; case ValidationStatus.CnNotMatch: problem = "Server hostname does not match the certificate."; break; case ValidationStatus.UnknownError: problem = string.Format("Error {0:x} encountered while validating server's certificate.", res.ErrorCode); break; default: problem = values[i].ToString(); break; } sb.AppendFormat("{0}\r\n", problem); } Certificate cert = certificateChain.LeafCertificate; string certFingerprint = BitConverter.ToString(cert.GetCertHash()); // if certificate is already saved than return Accept if (acceptedCertificates.Contains(certFingerprint)) { return(TlsCertificateAcceptance.Accept); } VerifierForm certForm = new VerifierForm(); certForm.Problem = sb.ToString(); certForm.Hostname = cert.GetCommonName(); certForm.Subject = cert.GetSubjectName(); certForm.Issuer = cert.GetIssuerName(); certForm.ShowAddIssuerToTrustedCaStoreButton = showAddIssuerCaToTrustedCaStore; certForm.ValidFrom = cert.GetEffectiveDate().ToString(); certForm.ValidTo = cert.GetExpirationDate().ToString(); certForm.ShowDialog(); // add certificate of the issuer CA to truster authorities store if (certForm.AddIssuerCertificateAuthothorityToTrustedCaStore) { CertificateStore trustedCaStore = new CertificateStore(CertificateStoreName.Root); Certificate rootCertificate = certificateChain.RootCertificate; trustedCaStore.AddCertificate(rootCertificate); } if (certForm.Accepted) { // save accepted certificate for this session in static HashTable acceptedCertificates.Add(certFingerprint, cert); return(TlsCertificateAcceptance.Accept); } if ((res.Status & ValidationStatus.TimeNotValid) != 0) { return(TlsCertificateAcceptance.Expired); } if ((res.Status & ValidationStatus.Revoked) != 0) { return(TlsCertificateAcceptance.Revoked); } if ((res.Status & (ValidationStatus.UnknownCa | ValidationStatus.RootNotTrusted | ValidationStatus.IncompleteChain)) != 0) { return(TlsCertificateAcceptance.UnknownAuthority); } if ((res.Status & (ValidationStatus.Malformed | ValidationStatus.UnknownError)) != 0) { return(TlsCertificateAcceptance.Other); } return(TlsCertificateAcceptance.Bad); }