Syntax
```csharp
public sealed class SslValidationContext
```
Remarks
The SslValidationContext class is used when performing custom SSL certificate validation. It is passed to the callback function specified by the RemoteCertificateValidationCallback delegate. This context object contains important information about the server's certificate and the context in which the validation is occurring, allowing you to make informed decisions about whether to trust the certificate.
Key properties of this class include Certificate, which gives you access to the X509Certificate2 object representing the server's certificate, and ChainPolicy, which provides details about the certificate chain and the validation policy applied.
Properties
- Certificate
Gets the X509Certificate2 object for the server's certificate.

```csharp
// Assuming 'context' is an instance of SslValidationContext
X509Certificate2 serverCertificate = context.Certificate;
if (serverCertificate != null)
{
    Console.WriteLine($"Server certificate subject: {serverCertificate.Subject}");
}
```

- ChainPolicy
Gets the X509ChainPolicy object used for certificate validation.

```csharp
// Assuming 'context' is an instance of SslValidationContext
X509ChainPolicy policy = context.ChainPolicy;
if (policy != null)
{
    Console.WriteLine($"Certificate policy trust mode: {policy.TrustMode}");
}
```
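The ChainPolicy property above exposes the X509ChainPolicy that the chain engine applies, and its TrustMode decides which roots are acceptable. The following added example (not code from the original page) shows the defensive use of that policy type: it builds an X509ChainPolicy whose TrustMode is CustomRootTrust so that only a private CA is accepted, and hands it to SslStream through SslClientAuthenticationOptions.CertificateChainPolicy (available in .NET 7 and later). The class name PrivateCaClient, the host and port arguments and the root certificate passed in are assumptions; the policy is applied by the chain engine itself, so no validation callback is needed.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

// Added example, not from the original page. Requires .NET 7 or later for
// SslClientAuthenticationOptions.CertificateChainPolicy.
public static class PrivateCaClient
{
    // Builds a policy that trusts only chains ending in the supplied private root.
    public static X509ChainPolicy BuildPinnedPolicy(X509Certificate2 privateRootCa)
    {
        var policy = new X509ChainPolicy
        {
            // Ignore the machine's root store; CustomTrustStore becomes the only anchor set.
            TrustMode = X509ChainTrustMode.CustomRootTrust,
            // Check revocation for every certificate except the root itself.
            RevocationMode = X509RevocationMode.Online,
            RevocationFlag = X509RevocationFlag.ExcludeRoot,
            // Fail closed: no tolerance for unknown revocation status, validity-period errors, etc.
            VerificationFlags = X509VerificationFlags.NoFlag,
        };
        policy.CustomTrustStore.Add(privateRootCa);
        return policy;
    }

    // Opens a TLS connection whose server certificate is evaluated under BuildPinnedPolicy.
    // 'host' and 'port' are placeholders for your own service (assumption).
    public static async Task ConnectAsync(string host, int port, X509Certificate2 privateRootCa)
    {
        using var client = new TcpClient();
        await client.ConnectAsync(host, port);
        using var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);

        X509ChainPolicy pinnedPolicy = BuildPinnedPolicy(privateRootCa);
        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host,
            CertificateChainPolicy = pinnedPolicy,
            // No RemoteCertificateValidationCallback: the chain engine's verdict stands,
            // so there is no hand-written code path that can return true on an error.
        };

        await ssl.AuthenticateAsClientAsync(options);
        Console.WriteLine($"{host}: {ssl.SslProtocol}, trust mode {pinnedPolicy.TrustMode}");
    }
}
```

With RevocationMode set to Online, a private CA that publishes no CRL or OCSP responder will fail validation with RevocationStatusUnknown; that is the intended fail-closed behaviour, and the fix is to publish revocation data rather than to switch to NoCheck.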
Methods
- Equals(object obj): Determines whether the specified object is equal to the current object.
- GetHashCode(): Serves as the default hash function.
- GetType(): Gets the type of the current instance.
- ToString(): Returns a string that represents the current object.
Example Usage
Custom Certificate Validation Callback
This example demonstrates how to use SslValidationContext within a custom certificate validation callback to inspect the server's certificate.
```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class CustomSslValidator
{
    public static async Task ValidateServerCertificate(string host, int port)
    {
        using (var client = new TcpClient())
        {
            await client.ConnectAsync(host, port);
            using (var sslStream = new SslStream(client.GetStream(), false,
                new RemoteCertificateValidationCallback(ValidateCertificate)))
            {
                try
                {
                    await sslStream.AuthenticateAsClientAsync(host);
                    Console.WriteLine($"Successfully authenticated with {host}");
                    // Proceed with secure communication
                }
                catch (AuthenticationException ex)
                {
                    Console.WriteLine($"Authentication failed: {ex.Message}");
                }
            }
        }
    }

    public static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // In this callback the server certificate, the chain and the policy verdict arrive as
        // parameters; they carry the same information that SslValidationContext exposes through
        // its Certificate and ChainPolicy properties. For demonstration, this example works
        // from the parameters directly.
        // When the server presents no certificate (RemoteCertificateNotAvailable), 'certificate'
        // is null, so check before casting.
        if (certificate is X509Certificate2 cert2)
        {
            Console.WriteLine($"Certificate validation initiated for: {cert2.GetNameInfo(X509NameType.DnsName, false)}");
        }
        else
        {
            Console.WriteLine("Certificate validation initiated, but no server certificate was presented.");
        }
        Console.WriteLine($"SSL Policy Errors: {sslPolicyErrors}");

        // Example: trust only when the platform reports no policy errors
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            Console.WriteLine("Certificate is valid.");
            return true; // Trust the certificate
        }
        else
        {
            // More sophisticated validation can happen here.
            // For example, rebuild the chain under a custom policy and inspect its status:
            // X509ChainPolicy chainPolicy = new X509ChainPolicy();
            // chainPolicy.RevocationMode = X509RevocationMode.NoCheck; // NoCheck disables revocation checking and weakens validation
            // X509Chain customChain = new X509Chain();
            // customChain.ChainPolicy = chainPolicy;
            // customChain.Build((X509Certificate2)certificate);
            // ... analyze customChain.ChainStatus ...
            Console.WriteLine("Certificate validation failed. Returning false.");
            return false; // Do not trust the certificate
        }
    }

    // To run this example:
    public static async Task Main(string[] args)
    {
        await ValidateServerCertificate("www.google.com", 443);
    }
}
```
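The callback above returns false for any policy error, which is the correct default. The added example below (not code from the original page) goes one step further and shows what a fail-closed callback looks like in practice: it reports each SslPolicyErrors flag and each X509ChainStatus entry so that operators can diagnose a failure from the logs, never relaxes a platform verdict, and, once the chain is valid, additionally pins the server's public key by the SHA-256 hash of its SubjectPublicKeyInfo. The class name StrictCertificateValidator, the helper SpkiSha256Base64 and the contents of the pin set are assumptions; the pin value shown is a placeholder to be replaced with the hash of your own server key.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not from the original page. Targets .NET 5 or later
// (SHA256.HashData, ExportSubjectPublicKeyInfo).
public static class StrictCertificateValidator
{
    // Constructed placeholder set: fill it with the Base64 SHA-256 of each server's
    // SubjectPublicKeyInfo, as printed by SpkiSha256Base64 for a known-good certificate.
    private static readonly HashSet<string> PinnedSpkiSha256 = new(StringComparer.Ordinal)
    {
        "REPLACE_WITH_BASE64_SHA256_OF_SPKI",
    };

    // Hashes the DER-encoded SubjectPublicKeyInfo, so the pin survives certificate
    // renewals that keep the same key pair.
    public static string SpkiSha256Base64(X509Certificate2 cert)
    {
        byte[] spki = cert.PublicKey.ExportSubjectPublicKeyInfo();
        return Convert.ToBase64String(SHA256.HashData(spki));
    }

    // INSECURE pattern, shown only for contrast: it accepts any certificate at all.
    // public static bool AcceptAnything(object s, X509Certificate? c, X509Chain? ch, SslPolicyErrors e) => true;

    // Signature matches RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
    {
        if (certificate is not X509Certificate2 cert)
        {
            Console.WriteLine("Rejected: no server certificate was presented.");
            return false;
        }

        // Explain each failure category for the logs; the verdict itself is not changed.
        if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
        {
            Console.WriteLine($"Rejected: name mismatch for {cert.GetNameInfo(X509NameType.DnsName, false)}");
        }
        if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain is not null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                Console.WriteLine($"Chain error: {status.Status} ({status.StatusInformation.Trim()})");
            }
        }
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            return false; // Never relax a platform policy error here.
        }

        // Defence in depth: the chain is valid, but is it the key we expect?
        string pin = SpkiSha256Base64(cert);
        if (!PinnedSpkiSha256.Contains(pin))
        {
            Console.WriteLine($"Rejected: SPKI pin {pin} is not in the allowed set.");
            return false;
        }
        return true;
    }
}
```

Pass StrictCertificateValidator.Validate wherever the page's example passes ValidateCertificate. Pinning trades availability for assurance: rotate the pin set before the server key changes, and keep at least one backup key's hash in it, or the client will refuse a perfectly valid new certificate.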
Requirements
| Assembly | File |
|---|---|
| System.Net.Primitives | System.Net.dll |