Exemplo n.º 1
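        /// <summary>
        /// Decides whether the certificate presented by the server at <paramref name="uri"/> is trusted,
        /// based on a lookup in the TrustedPeople and Disallowed stores of the configured store location.
        /// </summary>
        /// <remarks>
        /// Checks run in this order and the first failure rejects the connection:
        /// a certificate was supplied, the host name matches (only when host name verification is enabled),
        /// the certificate is valid at the current time, it is present in TrustedPeople, and it is absent
        /// from Disallowed. The only flag read from <paramref name="sslPolicyErrors"/> is
        /// <see cref="SslPolicyErrors.RemoteCertificateNameMismatch"/>, and <paramref name="chain"/> is not
        /// consulted: trust comes from the store lookup, not from chain building.
        /// When host name verification is disabled, any host presenting a certificate found in TrustedPeople
        /// is accepted.
        /// </remarks>
        /// <param name="uri">Address of the server being connected to; used for the host name in log messages.</param>
        /// <param name="certificate">Certificate presented by the server.</param>
        /// <param name="chain">Chain built for the certificate; unused by this implementation.</param>
        /// <param name="sslPolicyErrors">Policy errors reported by the TLS stack for this handshake.</param>
        /// <returns><c>true</c> when the certificate is trusted; otherwise <c>false</c>.</returns>
        public override bool ValidateServerCertificate(Uri uri, X509Certificate2 certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // Fail closed with a clear log entry instead of a NullReferenceException further down.
            if (certificate == null)
            {
                Logger?.Error(null, $"{GetType().Name}: No certificate was presented by {uri}.");
                return false;
            }

            var now = DateTime.Now;

            if (_verifyHostname && sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            {
                Logger?.Error(null, $"{GetType().Name}: Certificate '{certificate.Subject}' does not match with host name '{uri.Host}'.");
                return false;
            }

            // NOTE(review): 'now' is local time; confirm CertHelper.CheckValidity compares against local-time bounds.
            if (!CertHelper.CheckValidity(certificate, now))
            {
                Logger?.Error(null, $"{GetType().Name}: Certificate '{certificate.Subject}' is not valid at the time of validity check '{now}'.");
                return false;
            }

            if (!CertHelper.FindCertificate(_location, StoreName.TrustedPeople, certificate))
            {
                Logger?.Error(null, $"{GetType().Name}: Unable to locate a certificate for {uri} in '{_location}\\TrustedPeople` store.");
                return false;
            }

            // An explicit deny entry overrides the TrustedPeople match.
            if (CertHelper.FindCertificate(_location, StoreName.Disallowed, certificate))
            {
                Logger?.Error(null, $"{GetType().Name}: Certificate '{certificate.Subject}' is found in '{_location}\\Disallowed` store.");
                return false;
            }

            Logger?.Info($"{GetType().Name}: Trusting {uri} with certificate '{certificate.Subject}'.");
            return true;
        }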
Exemplo n.º 2
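        /// <summary>
        /// Decides whether the certificate presented by the server at <paramref name="uri"/> is trusted,
        /// by matching the elements of its chain against the configured set of trusted certificates.
        /// </summary>
        /// <remarks>
        /// Checks run in this order and the first failure rejects the connection:
        /// a certificate and chain were supplied, the host name matches (only when host name verification
        /// is enabled), the certificate is valid at the current time, and at least one chain element is
        /// found in the trusted set. The only flag read from <paramref name="sslPolicyErrors"/> is
        /// <see cref="SslPolicyErrors.RemoteCertificateNameMismatch"/>.
        /// When host name verification is disabled, any host whose chain contains a trusted certificate
        /// is accepted.
        /// </remarks>
        /// <param name="uri">Address of the server being connected to; used in log messages.</param>
        /// <param name="certificate">Certificate presented by the server.</param>
        /// <param name="chain">Chain built for <paramref name="certificate"/>; its elements are matched against the trusted set.</param>
        /// <param name="sslPolicyErrors">Policy errors reported by the TLS stack for this handshake.</param>
        /// <returns><c>true</c> when the certificate is trusted; otherwise <c>false</c>.</returns>
        public override bool ValidateServerCertificate(Uri uri, X509Certificate2 certificate, X509Chain chain,
                                                       SslPolicyErrors sslPolicyErrors)
        {
            // Fail closed with a clear log entry instead of a NullReferenceException further down.
            if (certificate == null || chain == null)
            {
                Logger?.Error(null,
                              $"{GetType().Name}: No certificate or certificate chain was provided for {uri}.");
                return false;
            }

            var now = DateTime.Now;

            if (_verifyHostname && sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            {
                Logger?.Error(null,
                              $"{GetType().Name}: Certificate '{certificate.Subject}' does not match with host name '{uri.Host}'.");
                return false;
            }

            // NOTE(review): 'now' is local time; confirm CertHelper.CheckValidity compares against local-time bounds.
            // Only the presented certificate is checked here; the validity period of the other chain elements is not.
            if (!CertHelper.CheckValidity(certificate, now))
            {
                Logger?.Error(null,
                              $"{GetType().Name}: Certificate '{certificate.Subject}' is not valid at the time of validity check '{now}'.");
                return false;
            }

            // Walk the chain from its last element back to the first and accept on the first match.
            // NOTE(review): neither SslPolicyErrors.RemoteCertificateChainErrors nor chain.ChainStatus is examined,
            // so acceptance rests entirely on a chain element matching the trusted set. Confirm that a chain
            // carrying a signature failure (X509ChainStatusFlags.NotSignatureValid) cannot reach this loop.
            for (var index = chain.ChainElements.Count - 1; index >= 0; index--)
            {
                if (CertHelper.FindCertificate(_trustedCertificates, chain.ChainElements[index].Certificate))
                {
                    Logger?.Info($"{GetType().Name}: Trusting {uri} with certificate '{certificate.Subject}'.");
                    return true;
                }
            }

            Logger?.Error(null,
                          $"{GetType().Name}: Unable to locate a certificate for {uri} in provided trusted certificates.");
            return false;
        }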