Namespace: System.Net.Security
Specifies flags that control the behavior of SSL/TLS certificate verification.
This enumeration is used with the SslVerificationFlags property of the SslClientAuthenticationOptions class to customize how client certificate validation is performed.
The SslVerificationFlags enumeration has the following members:
None
No special verification flags are applied. Default certificate validation rules apply.
IgnoreInvalidClientCertificateType
If this flag is set, the client certificate type is not validated. This can be useful in scenarios where the certificate type might not conform to strict standards but is still trusted by the server.
IgnoreInvalidCn
If this flag is set, the Common Name (CN) of the certificate is not validated against the host name. This should be used with caution as it bypasses a critical security check.
IgnoreInvalidIssuer
If this flag is set, the issuer of the certificate is not validated. This is a significant security risk and should only be used in specific, controlled scenarios.
IgnoreChainBuildingErrors
If this flag is set, errors encountered during the construction of the certificate chain are ignored. This can lead to accepting certificates that have untrusted or incomplete trust chains.
IgnoreAllCertificateRevocationChecking
If this flag is set, all certificate revocation checks (e.g., CRLs, OCSP) are disabled. This bypasses a crucial mechanism for ensuring that certificates have not been revoked.
The SslVerificationFlags enumeration provides fine-grained control over SSL/TLS certificate verification. It is essential to understand the security implications of using these flags. In most production environments, it is recommended to use the default behavior (None) or only employ specific flags when absolutely necessary and with a thorough understanding of the risks involved.
Using flags like IgnoreInvalidCn, IgnoreInvalidIssuer, or IgnoreAllCertificateRevocationChecking can significantly weaken the security of your SSL/TLS connections, potentially exposing your application to man-in-the-middle attacks and other vulnerabilities.
When using these flags, ensure that alternative security measures are in place to mitigate the risks introduced by bypassing standard certificate validation checks.
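An added example, not from the original page or from the .NET documentation: rather than relaxing verification, a client can keep every check enabled and log which one failed before rejecting the connection. It uses the standard RemoteCertificateValidationCallback and SslPolicyErrors types instead of the flags listed above; the class name StrictTlsClient, the stderr logging, and validating the remote certificate from the client side are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (added example): strict validation that fails closed.
static class StrictTlsClient
{
    // Accept the peer only when every standard check passed; otherwise log why and reject.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        // Host name check: the certificate name does not match TargetHost.
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.Error.WriteLine($"TLS reject: name mismatch, subject={cert?.Subject}");

        // Chain errors cover an untrusted issuer, an incomplete chain and revocation status.
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine($"TLS reject: {s.Status}: {s.StatusInformation.Trim()}");

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            Console.Error.WriteLine("TLS reject: no certificate presented");
        return false;
    }

    public static async Task<SslStream> ConnectAsync(string host, int port)
    {
        var tcp = new TcpClient();
        try
        {
            await tcp.ConnectAsync(host, port);
            var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = host,                                          // name the certificate must match
                CertificateRevocationCheckMode = X509RevocationMode.Online, // keep CRL/OCSP checking on
                RemoteCertificateValidationCallback = Validate
            }, CancellationToken.None);
            return ssl;
        }
        catch { tcp.Dispose(); throw; } // do not leak the socket when validation fails
    }
}
```

The logged chain status values show which individual check a deployment is failing, which is the information needed to repair the certificate or trust store instead of disabling the check.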
Minimum supported client: Windows 7
Minimum supported server: Windows Server 2008
Product: .NET Framework
Assembly: System (in System.dll)
System.Net.Security Namespace
SslClientAuthenticationOptions Class