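/// <summary>
/// Builds the callback used on the server side to validate the certificate
/// presented by a connecting client.
/// </summary>
/// <param name="tlsConfig">
/// Server TLS settings. Supplies <c>ClientCertificateRequired</c> and the
/// optional user-provided <c>RemoteCertificateValidationCallback</c>.
/// </param>
/// <param name="logger">Receives an error entry whenever this code rejects a client.</param>
/// <returns>
/// When client certificates are required: a callback that rejects a missing
/// certificate, then defers to the user-provided callback if there is one, and
/// otherwise accepts only <see cref="SslPolicyErrors.None"/>. When they are not
/// required: the user-provided callback as-is, which may be null.
/// </returns>
/// <remarks>
/// A user-provided callback replaces the strict "no policy errors" check. It
/// receives the raw <see cref="SslPolicyErrors"/> value and is solely
/// responsible for rejecting any error it does not mean to tolerate.
/// </remarks>
static RemoteCertificateValidationCallback MakeServerCertificateValidationCallback(
    EpoxyServerTlsConfig tlsConfig,
    Logger logger)
{
    if (tlsConfig.ClientCertificateRequired)
    {
        // If client certificates are required, then add an explicit
        // check that the client provided a certificate. The default
        // behavior is to allow the connection even if the client
        // didn't present a certificate.
        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null)
            {
                logger.Site().Error("Rejecting client. Certificate required, but client did not provide one.");
                return false;
            }

            // Read the property once so the null check and the call below
            // are guaranteed to see the same delegate.
            RemoteCertificateValidationCallback userCallback =
                tlsConfig.RemoteCertificateValidationCallback;

            if (userCallback != null)
            {
                // There's a user-provided validation callback, so
                // delegate to that.
                return userCallback(sender, certificate, chain, errors);
            }

            // Otherwise, require no errors at all to accept the
            // certificate.
            if (errors != SslPolicyErrors.None)
            {
                // Record the reason so a rejected handshake can be
                // diagnosed from the server log, like the missing
                // certificate case above.
                logger.Site().Error("Rejecting client. Certificate validation reported errors: " + errors);
                return false;
            }

            return true;
        };
    }
    else
    {
        // Client certificates are not required, so just use the
        // user-provided validation callback. This may be null, but
        // that's fine. SslStream will just use its default behavior
        // then.
        return tlsConfig.RemoteCertificateValidationCallback;
    }
}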
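/// <summary>
/// Creates the server-side callback that decides whether a connecting
/// client's certificate is acceptable.
/// </summary>
/// <param name="tlsConfig">
/// Server TLS settings; <c>ClientCertificateRequired</c> selects the policy and
/// <c>RemoteCertificateValidationCallback</c> is the optional user override.
/// </param>
/// <param name="logger">Used to log the reason whenever this code rejects a client.</param>
/// <returns>
/// If client certificates are not required, the user-provided callback
/// unchanged (possibly null). Otherwise a callback that refuses clients without
/// a certificate, hands the decision to the user-provided callback when one is
/// set, and without one accepts only <see cref="SslPolicyErrors.None"/>.
/// </returns>
/// <remarks>
/// When a user-provided callback is set, this code does not inspect the
/// <see cref="SslPolicyErrors"/> value. The callback receives it unmodified and
/// must reject the errors it does not intend to accept.
/// </remarks>
private static RemoteCertificateValidationCallback MakeServerCertificateValidationCallback(
    EpoxyServerTlsConfig tlsConfig,
    Logger logger)
{
    if (!tlsConfig.ClientCertificateRequired)
    {
        // Client certificates are not required, so just use the
        // user-provided validation callback. This may be null, but
        // that's fine. SslStream will just use its default behavior
        // then.
        return tlsConfig.RemoteCertificateValidationCallback;
    }

    // Client certificates are required, so add an explicit check that the
    // client provided one. The default behavior is to allow the connection
    // even if the client didn't present a certificate.
    return (sender, certificate, chain, errors) =>
    {
        if (certificate == null)
        {
            logger.Site().Error("Rejecting client. Certificate required, but client did not provide one.");
            return false;
        }

        // Take a single snapshot of the property so the null test and the
        // invocation cannot observe two different values.
        RemoteCertificateValidationCallback userCallback =
            tlsConfig.RemoteCertificateValidationCallback;

        if (userCallback != null)
        {
            // A user-provided validation callback exists, so delegate to it.
            return userCallback(sender, certificate, chain, errors);
        }

        // No user callback: accept the certificate only when validation
        // reported no errors at all.
        if (errors == SslPolicyErrors.None)
        {
            return true;
        }

        // Log the policy errors so this rejection is as visible in the
        // server log as the missing-certificate one.
        logger.Site().Error("Rejecting client. Certificate validation reported errors: " + errors);
        return false;
    };
}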