如何调用默认ServerCertificateValidationCallback内定制验证？ [英] How to call default ServerCertificateValidationCallback inside customized validation?

问题描述

我要修改.Net的默认值 ServerCertificateValidationCallback 以验证我公司的某些证书​​，但保留其他证书的默认验证。

I want to modify .Net's default ServerCertificateValidationCallback to validate as true some of my company's certificates, but keeping the default validation for other certificates.

我不能这样做，因为默认的 ServerCertificateValidationCallback 值为null。

I can't seem to do this since the default ServerCertificateValidationCallback value is null.

ServicePointManager.ServerCertificateValidationCallback = 
(sender, certificate, chain, sslPolicyErrors) => 
 validCertificatesSerialNumbers.Contains(certificate.GetSerialNumberString()) ||    
 defaultlCallback.Invoke(sender, certificate, chain, sslPolicyErrors) //How do I set defaultCallback?
;

谢谢

推荐答案

从我在参考中可以了解的内容来源这是回调发挥作用：

From what I can tell in the reference source this is where the callback comes into play:

if (ServicePointManager.ServerCertificateValidationCallback != null)
{
    useDefault = false;
    return ServicePointManager.ServerCertValidationCallback.
                               Invoke(m_Request,
                                      certificate,
                                      chain,
                                      sslPolicyErrors);
}

if (useDefault)
    return sslPolicyErrors == SslPolicyErrors.None;

这意味着验证已经执行，并且知道它是否通过你只需要检查 sslPolicyErrors 参数。您将这样做：

Which means that the validation has already been performed and to know whether it passes you just need to check the sslPolicyErrors argument. You would do this:

ServicePointManager.ServerCertificateValidationCallback = 
(sender, certificate, chain, sslPolicyErrors) => 
validCertificatesSerialNumbers.Contains(certificate.GetSerialNumberString()) || (sslPolicyErrors == SslPolicyErrors.None);

这篇关于如何调用默认ServerCertificateValidationCallback内定制验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！