Namespace: System.Net
RemoteCertificateValidationCallback Delegate
Represents the method that handles the validation of a remote server's X.509 certificate.
Assembly: System.Net.Primitives.dll
Declaration
public delegate bool RemoteCertificateValidationCallback(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
);Remarks
The RemoteCertificateValidationCallback delegate is used by the SslStream class to validate the certificate presented by a remote server during an SSL/TLS handshake. You can provide a custom implementation of this delegate to control how certificates are trusted.
This delegate is assigned to the SslStream.RemoteCertificateValidationCallback property.
When the callback is invoked, the following parameters are passed:
Parameters
| Name | Type | Description |
|---|---|---|
sender |
Object | The object that initiated the callback. This is typically an instance of the SslStream class. |
certificate |
X509Certificate | The certificate presented by the remote server. |
chain |
X509Chain | The X.509 certificate chain associated with the remote certificate. |
sslPolicyErrors |
SslPolicyErrors | A bitwise combination of enumeration values that indicates errors encountered during certificate validation. |
Return Value
| Type | Description |
|---|---|
| Boolean | true if the certificate is trusted and validation should succeed; otherwise, false. |
Example
C# Example
The following example shows how to create a custom validation callback that accepts any certificate (for testing purposes only). In production environments, you should implement more robust validation logic.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
public class SslClient
{
public static void Connect(string host, int port)
{
TcpClient client = new TcpClient(host, port);
using (SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
{
try
{
// Authenticate the client and server.
sslStream.AuthenticateAsClient(host);
// Do the communication with the server.
byte[] message = Encoding.UTF8.GetBytes("Hello from client!");
sslStream.Write(message);
// Read message from the server.
byte[] buffer = new byte[2048];
int bytesRead = sslStream.Read(buffer, 0, buffer.Length);
Console.WriteLine("Received: {0}", Encoding.UTF8.GetString(buffer, 0, bytesRead));
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
client.Close();
}
// Custom certificate validation callback
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
{
// Server certificate is trusted.
return true;
}
// For testing purposes, allow any certificate.
// **WARNING: Do not use this in production environments.**
Console.WriteLine($"Certificate error: {sslPolicyErrors}");
return true;
}
// To run this example:
// SslClient.Connect("your_server_host", 12345);
}