SslValidationFlags Enumeration
Specifies flags that control the validation of SSL/TLS certificates.
Syntax
public enum SslValidationFlagsMembers
| Member | Description | 0Value |
|---|---|---|
None |
No special validation is performed. This is the default value. | 0 |
AllowServerCertAuth |
Allows the server to authenticate itself using a server certificate. This flag is typically used when client certificates are not required but server authentication is. | 1 |
AllowClientCertAuth |
Allows the client to authenticate itself using a client certificate. This flag is typically used when client certificates are optional. | 2 |
IgnoreRevokedCertificates |
Instructs the validation process to ignore revoked certificates. This can be useful in specific scenarios but should be used with caution as it weakens security. | 4 |
IgnoreInvalidDate |
Instructs the validation process to ignore certificates with invalid dates (e.g., expired or not yet valid). Use with extreme caution. | 8 |
IgnoreInvalidName |
Instructs the validation process to ignore certificates with invalid names (e.g., hostname mismatch). Use with extreme caution. | 16 |
AllowUntrustedCertificateAuthority |
Allows certificates that are signed by an untrusted certificate authority. This flag significantly weakens security and should be avoided in most production environments. | 32 |
Remarks
The SslValidationFlags enumeration is used to customize the certificate validation process in
.NET applications. By default, certificate validation is strict to ensure secure communication.
However, in certain development or testing scenarios, you might need to relax some validation checks.
It is crucial to understand the security implications before using any of these flags, especially in production environments.
Note: Using flags like
IgnoreRevokedCertificates, IgnoreInvalidDate, IgnoreInvalidName, or AllowUntrustedCertificateAuthority can expose your application to security vulnerabilities. These flags should be used judiciously and only when absolutely necessary, with a clear understanding of the risks involved.