SslValidationType Enum

Specifies how the server's SSL certificate is validated.

This enumeration is used to determine the level of validation performed on an SSL certificate during a secure connection. It provides control over whether only the server's identity is checked or if the entire certificate chain is verified.

Syntax

public enum SslValidationType

Members

RemoteServer: Verifies the server's identity. This is the default validation behavior and is generally recommended for most applications. It ensures that the client is communicating with the intended server.
FullChain: Verifies the entire certificate chain from the server's certificate up to a trusted root authority. This provides a higher level of security by ensuring that the certificate is not only issued by a trusted authority but also that all intermediate certificates are valid.

Remarks

The SslValidationType enumeration is typically used in conjunction with classes like SslStream to configure the secure socket layer (SSL) or transport layer security (TLS) connection.

When establishing a secure connection, the choice of validation type impacts the security posture of the application. RemoteServer is suitable for scenarios where you need to trust the server's identity but may not have control over or require strict validation of the entire certificate chain. FullChain offers enhanced security by performing a more rigorous verification of the certificate's authenticity and trustworthiness.

Example

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class SslExample
{
    public static async Task ConnectSecurelyAsync(string host, int port)
    {
        using (var client = new TcpClient())
        {
            await client.ConnectAsync(host, port);

            using (var sslStream = new SslStream(
                client.GetStream(),
                false,
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                null))
            {
                // You can specify the validation type here if needed,
                // but the callback handles the actual validation logic.
                // For example, you might check a property of the certificate
                // or use specific logic within ValidateServerCertificate.

                await sslStream.AuthenticateAsClientAsync(host);

                // Now you can send and receive data over the secure stream.
                Console.WriteLine("Connected securely!");
            }
        }
    }

    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate? certificate,
        X509Chain? chain,
        SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            // Certificate is valid and trusted.
            return true;
        }

        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

        // Depending on your SslValidationType requirement,
        // you might check chain.ChainStatus here for FullChain validation.
        // For RemoteServer, checking for RemoteServer errors might be sufficient.

        // For simplicity, we'll allow connections if errors are None.
        // In a production environment, you'd implement more robust validation logic.
        return false;
    }
}

SslValidationType Enum

Syntax

Members

Remarks

Example

See Also