Namespace: System.Net.Security
Assembly: System.Net.Security.dll
Inheritance: Object → EventArgs → SslPolicyErrorsArgs
Derived classes: None
Provides data for the SslPolicyErrors event.
This class is used to report errors that occur during SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificate validation. When a client or server connection requires certificate validation, and an error is encountered (e.g., an invalid certificate, a self-signed certificate, or an expired certificate), an instance of SslPolicyErrorsArgs is passed to the event handler. This allows for inspection of the specific errors and a programmatic decision on whether to proceed with the connection.
This class does not contain any fields.
| Name | Description |
|---|---|
| SslPolicyErrors | Gets the set of errors that occurred during SSL/TLS certificate validation. |
| Name | Description |
|---|---|
| ToString() | Returns a string representation of the SslPolicyErrorsArgs object. |
This class has no public constructors.
This class does not declare any events.
The following C# code example demonstrates how to register a certificate validation callback and inspect the reported SslPolicyErrors value to decide whether to trust a server's certificate.
```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class SslExample
{
    public static void Main()
    {
        // Create a WebClient that will use a custom certificate policy
        using (WebClient client = new WebClient())
        {
            // Set the RemoteCertificateValidationCallback to a custom handler.
            // ServicePointManager is static, so this applies process-wide,
            // not only to this WebClient instance.
            ServicePointManager.ServerCertificateValidationCallback =
                new RemoteCertificateValidationCallback(ValidateServerCertificate);

            try
            {
                // Attempt to download content from a secure URL (e.g., one with a self-signed certificate for testing)
                // Replace with a URL that demonstrates certificate validation for your needs
                string result = client.DownloadString("https://example.com");
                Console.WriteLine("Download successful.");
                // Guard against responses shorter than 100 characters
                Console.WriteLine(result.Substring(0, Math.Min(100, result.Length)) + "...");
            }
            catch (WebException e)
            {
                Console.WriteLine("An error occurred: " + e.Message);
            }
        }
    }

    // Custom callback method to validate the server certificate
    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate? certificate,
        X509Chain? chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // Inspect the SslPolicyErrors argument
        Console.WriteLine($"Certificate validation errors: {sslPolicyErrors}");

        // If there are errors, inspect them
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            // SslPolicyErrors is a flags enum: a name mismatch can be reported together
            // with chain errors, so check it first to keep it from being masked.
            if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            {
                Console.WriteLine("Certificate name mismatch detected. Denying connection.");
                return false;
            }
            // Example: If the only error is a chain error (e.g., a self-signed certificate), and we want to accept it
            else if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                Console.WriteLine("Ignoring certificate chain errors (e.g., self-signed certificate).");
                // In a real application, you would have more robust validation logic here:
                // chain errors also cover expired, revoked and untrusted certificates.
                // For demonstration, we'll allow it.
                return true;
            }
            // For any other errors, reject the connection
            else
            {
                Console.WriteLine("Other SSL policy errors detected. Denying connection.");
                return false;
            }
        }

        // If there are no errors, the certificate is considered valid
        Console.WriteLine("Certificate validation successful. No errors.");
        return true;
    }
}
```
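A stricter form of the callback above, added here as an example and not part of the original documentation: it tolerates chain errors only when the sole chain problem is an untrusted root and the certificate's SHA-256 hash matches a pinned value. The names `PinnedCertificateValidator` and `PinnedSha256`, the placeholder hash, and the `CN=pinned.test` test certificate are assumptions made for illustration; the code assumes .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidator
{
    // Placeholder: hex SHA-256 hash of the one self-signed certificate you expect.
    public static string PinnedSha256 = "<EXPECTED-CERT-SHA256-HEX>";

    public static bool Validate(object sender, X509Certificate? certificate,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // normal CA-validated path
        // Anything beyond chain errors alone (name mismatch, missing certificate) is fatal.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors ||
            certificate is null || chain is null)
            return false;
        // Tolerate only an untrusted root. Expired, revoked or otherwise invalid
        // certificates report different status flags and are rejected.
        bool onlyUntrustedRoot = chain.ChainStatus.Length > 0 &&
            chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot);
        if (!onlyUntrustedRoot) return false;
        // Accept the untrusted root only for the exact certificate that was pinned.
        string actual = certificate.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate built in memory.
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=pinned.test", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.Build(cert); // populates ChainStatus; this root is not in the trust store
        var sender = new object(); // the callback does not use the sender
        var chainOnly = SslPolicyErrors.RemoteCertificateChainErrors;
        var withMismatch = chainOnly | SslPolicyErrors.RemoteCertificateNameMismatch;
        Console.WriteLine($"unpinned:      {Validate(sender, cert, chain, chainOnly)}");
        PinnedSha256 = cert.GetCertHashString(HashAlgorithmName.SHA256);
        Console.WriteLine($"pinned:        {Validate(sender, cert, chain, chainOnly)}");
        Console.WriteLine($"name mismatch: {Validate(sender, cert, chain, withMismatch)}");
    }
}
```

`Validate` has the `RemoteCertificateValidationCallback` signature, so it can be assigned wherever the callback above is registered or passed to an `SslStream` constructor.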
| Environment | Requirements |
|---|---|
| .NET Framework | .NET Framework 4.0, .NET Framework 4.5, .NET Framework 4.5.1, .NET Framework 4.5.2, .NET Framework 4.6, .NET Framework 4.6.1, .NET Framework 4.6.2, .NET Framework 4.7, .NET Framework 4.7.1, .NET Framework 4.7.2, .NET Framework 4.8 |
| .NET Core | .NET Core 1.0, .NET Core 1.1, .NET Core 2.0, .NET Core 2.1, .NET Core 2.2, .NET Core 3.0, .NET Core 3.1, .NET 5, .NET 6, .NET 7, .NET 8 |