/// <summary>
/// The callback used to defer the call context, such that each scope can have its own callback
/// </summary>
/// <returns><c>true</c>, if point manager certificate callback was serviced, <c>false</c> otherwise.</returns>
/// <param name="sender">The sender of the validation.</param>
/// <param name="certificate">The certificate to validate.</param>
/// <param name="chain">The certificate chain.</param>
/// <param name="sslPolicyErrors">Errors discovered.</param>
private static bool ServicePointManagerCertificateCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
// If we have a custom SSL validator, invoke it
if (HttpContextSettings.CertificateValidator != null)
{
return(CertificateValidator.ValidateServerCertficate(sender, certificate, chain, sslPolicyErrors));
}
// Default is to only approve certificates without errors
var result = sslPolicyErrors == SslPolicyErrors.None;
// Hack: If we have no validator, see if the context is all messed up
// This is not the right way, but ServicePointManager is not designed right for this
var any = false;
foreach (var v in CallContextSettings <HttpSettings> .GetAllInstances())
{
if (v.CertificateValidator != null)
{
var t = v.CertificateValidator.ValidateServerCertficate(sender, certificate, chain, sslPolicyErrors);
// First instance overrides framework result
if (!any)
{
result = t;
}
// If there are more, we see if anyone will accept it
else
{
result |= t;
}
any = true;
}
}
return(result);
}
