Пример #1
        /// <summary>
        /// Builds the certificate validation callback for the server side of a
        /// TLS connection, based on whether client certificates are mandatory.
        /// </summary>
        /// <param name="tlsConfig">
        /// Server TLS settings. Supplies <c>ClientCertificateRequired</c> and the
        /// optional user-provided <c>RemoteCertificateValidationCallback</c>.
        /// </param>
        /// <param name="logger">
        /// Receives an error entry when a client is rejected for presenting no
        /// certificate.
        /// </param>
        /// <returns>
        /// The user-provided callback as-is (possibly null) when client
        /// certificates are optional; otherwise a wrapper that rejects a missing
        /// certificate before any other check runs.
        /// </returns>
        static RemoteCertificateValidationCallback MakeServerCertificateValidationCallback(
            EpoxyServerTlsConfig tlsConfig,
            Logger logger)
        {
            if (!tlsConfig.ClientCertificateRequired)
            {
                // Certificates are optional: hand back whatever the user
                // configured. A null here is acceptable; SslStream then falls
                // back to its own default validation.
                return tlsConfig.RemoteCertificateValidationCallback;
            }

            // Certificates are mandatory. Without this wrapper, the default
            // behavior is to let a client through even when it presented no
            // certificate, so the absence check has to be explicit.
            return (source, clientCertificate, certificateChain, policyErrors) =>
            {
                if (clientCertificate == null)
                {
                    logger.Site().Error("Rejecting client. Certificate required, but client did not provide one.");
                    return false;
                }

                if (tlsConfig.RemoteCertificateValidationCallback == null)
                {
                    // No user policy configured: accept only a certificate
                    // that validated with no policy errors at all.
                    return policyErrors == SslPolicyErrors.None;
                }

                // A user policy exists and gets the final say. Note that
                // policyErrors is forwarded but not re-checked here, so the
                // user callback is solely responsible for honoring it.
                return tlsConfig.RemoteCertificateValidationCallback(
                    source,
                    clientCertificate,
                    certificateChain,
                    policyErrors);
            };
        }
Пример #2
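        /// <summary>
        /// Builds the certificate validation callback for the server side of a
        /// TLS connection, based on whether client certificates are mandatory.
        /// </summary>
        /// <param name="tlsConfig">
        /// Server TLS settings. Supplies <c>ClientCertificateRequired</c> and the
        /// optional user-provided <c>RemoteCertificateValidationCallback</c>.
        /// </param>
        /// <param name="logger">
        /// Receives an error entry whenever this wrapper itself rejects a client.
        /// </param>
        /// <returns>
        /// The user-provided callback as-is (possibly null) when client
        /// certificates are optional; otherwise a wrapper that rejects a missing
        /// certificate before any other check runs.
        /// </returns>
        private static RemoteCertificateValidationCallback MakeServerCertificateValidationCallback(
            EpoxyServerTlsConfig tlsConfig,
            Logger logger)
        {
            if (tlsConfig.ClientCertificateRequired)
            {
                // If client certificates are required, then add an explicit
                // check that the client provided a certificate. The default
                // behavior is to allow the connection even if the client
                // didn't present a certificate.
                return (sender, certificate, chain, errors) =>
                {
                    if (certificate == null)
                    {
                        logger.Site().Error("Rejecting client. Certificate required, but client did not provide one.");
                        return false;
                    }

                    // Read the configured callback once per handshake so the
                    // null check and the invocation see the same delegate,
                    // even if the config object is modified in between.
                    RemoteCertificateValidationCallback userCallback =
                        tlsConfig.RemoteCertificateValidationCallback;

                    if (userCallback != null)
                    {
                        // There's a user-provided validation callback, so
                        // delegate to that. The policy errors are forwarded
                        // but not re-checked here: the user callback alone
                        // decides whether they are acceptable.
                        return userCallback(sender, certificate, chain, errors);
                    }

                    // Otherwise, require no errors at all to accept the
                    // certificate.
                    if (errors != SslPolicyErrors.None)
                    {
                        // Record the rejection so failed client
                        // authentication is visible in the logs, matching
                        // the missing-certificate case above.
                        logger.Site().Error("Rejecting client. Certificate validation failed with policy errors: " + errors);
                        return false;
                    }

                    return true;
                };
            }
            else
            {
                // Client certificates are not required, so just use the
                // user-provided validation callback. This may be null, but
                // that's fine. SslStream will just use its default behavior
                // then.
                return tlsConfig.RemoteCertificateValidationCallback;
            }
        }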