Update certificate validation callback (#4071)
pepone authored Sep 16, 2024
1 parent 2cbf182 commit 170aa1e
Showing 10 changed files with 130 additions and 60 deletions.
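--- a/examples/protobuf/GenericHost/Client/Program.cs
+++ b/examples/protobuf/GenericHost/Client/Program.cs
@@ -42,12 +42,19 @@
 // validate the peer certificates.
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 });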
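Review bot: The rewritten callback still never reads its `errors` argument, so in the visible lambda body any certificate that chains to `rootCA` is accepted even when the TLS stack has reported `SslPolicyErrors.RemoteCertificateNameMismatch`. A certificate issued under the same root for a different host would therefore pass; whether the host name is checked somewhere outside this callback is not visible here and should be confirmed. Before building the custom chain I would reject that case, for example `if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) { return false; }`. The same callback body is repeated in the other nine Program.cs sections of this commit (the protobuf and slice Quic, Secure and TcpFallback examples, the slice GenericHost example, and both IceRpc.Templates clients), and since these are examples and project templates the pattern is likely to be copied into applications as-is. A short comment next to `X509RevocationMode.NoCheck` saying that revocation checking is skipped deliberately for the example certificates would also help readers who reuse it.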
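--- a/examples/protobuf/Quic/Client/Program.cs
+++ b/examples/protobuf/Quic/Client/Program.cs
@@ -14,12 +14,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 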
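--- a/examples/protobuf/Secure/Client/Program.cs
+++ b/examples/protobuf/Secure/Client/Program.cs
@@ -13,12 +13,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 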
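--- a/examples/protobuf/TcpFallback/Client/Program.cs
+++ b/examples/protobuf/TcpFallback/Client/Program.cs
@@ -18,12 +18,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 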
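--- a/examples/slice/GenericHost/Client/Program.cs
+++ b/examples/slice/GenericHost/Client/Program.cs
@@ -42,12 +42,19 @@
 // validate the peer certificates.
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 });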
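--- a/examples/slice/Quic/Client/Program.cs
+++ b/examples/slice/Quic/Client/Program.cs
@@ -14,12 +14,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 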
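--- a/examples/slice/Secure/Client/Program.cs
+++ b/examples/slice/Secure/Client/Program.cs
@@ -13,12 +13,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 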
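--- a/examples/slice/TcpFallback/Client/Program.cs
+++ b/examples/slice/TcpFallback/Client/Program.cs
@@ -18,12 +18,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 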
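--- a/src/IceRpc.Templates/Templates/IceRpc-Protobuf-Client/Program.cs
+++ b/src/IceRpc.Templates/Templates/IceRpc-Protobuf-Client/Program.cs
@@ -21,12 +21,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 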
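--- a/src/IceRpc.Templates/Templates/IceRpc-Slice-Client/Program.cs
+++ b/src/IceRpc.Templates/Templates/IceRpc-Slice-Client/Program.cs
@@ -21,12 +21,19 @@
 {
 RemoteCertificateValidationCallback = (sender, certificate, chain, errors) =>
 {
-using var customChain = new X509Chain();
-customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-customChain.ChainPolicy.DisableCertificateDownloads = true;
-customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
-return customChain.Build((X509Certificate2)certificate!);
+if (certificate is X509Certificate2 peerCertificate)
+{
+using var customChain = new X509Chain();
+customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+customChain.ChainPolicy.DisableCertificateDownloads = true;
+customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+customChain.ChainPolicy.CustomTrustStore.Add(rootCA);
+return customChain.Build(peerCertificate);
+}
+else
+{
+return false;
+}
 }
 };
 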
