/// <summary> /// The callback used to defer the call context, such that each scope can have its own callback /// </summary> /// <returns><c>true</c>, if point manager certificate callback was serviced, <c>false</c> otherwise.</returns> /// <param name="sender">The sender of the validation.</param> /// <param name="certificate">The certificate to validate.</param> /// <param name="chain">The certificate chain.</param> /// <param name="sslPolicyErrors">Errors discovered.</param> private static bool ServicePointManagerCertificateCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { // If we have a custom SSL validator, invoke it if (HttpContextSettings.CertificateValidator != null) { return(CertificateValidator.ValidateServerCertficate(sender, certificate, chain, sslPolicyErrors)); } // Default is to only approve certificates without errors var result = sslPolicyErrors == SslPolicyErrors.None; // Hack: If we have no validator, see if the context is all messed up // This is not the right way, but ServicePointManager is not designed right for this var any = false; foreach (var v in CallContextSettings <HttpSettings> .GetAllInstances()) { if (v.CertificateValidator != null) { var t = v.CertificateValidator.ValidateServerCertficate(sender, certificate, chain, sslPolicyErrors); // First instance overrides framework result if (!any) { result = t; } // If there are more, we see if anyone will accept it else { result |= t; } any = true; } } return(result); }