Represents the method that will handle the validation of a server's certificate.
```csharp
public delegate bool TmschValidationCallback(
    object sender,
    System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors
);
```
The TmschValidationCallback delegate is used to provide a callback method that the SslStream class uses to validate the server's certificate.
| Parameter | Description |
|---|---|
| sender | The object that initiated the callback. |
| certificate | The certificate used to authenticate the remote party. |
| chain | The chain of certificates that device authentication uses to establish the identity of the remote party. |
| sslPolicyErrors | One or more errors associated with the certificate. If sslPolicyErrors is not SslPolicyErrors.None, the certificate is not trusted. |
Return value: true if the certificate is trusted; otherwise, false.
The TmschValidationCallback delegate is invoked when the client establishes a secure connection using the SslStream class. It allows you to customize the certificate validation process.
Typically, you would inspect the sslPolicyErrors parameter. If it is SslPolicyErrors.None, the certificate is considered valid by default. You might choose to return true in this case. If there are errors, you can implement custom logic to decide whether to trust the certificate (e.g., by checking specific properties of the certificate or chain).
Important: Be cautious when overriding default certificate validation behavior. Improper handling of certificate validation can lead to security vulnerabilities, such as Man-in-the-Middle (MITM) attacks. Only trust certificates that you have thoroughly validated.
The following example demonstrates how to create a custom validation callback method and assign it to the RemoteCertificateValidationCallback property of an SslStream.
```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Assume 'sslStream' is an initialized SslStream object.
bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        // Certificate is trusted.
        return true;
    }

    // You can add custom logic here to inspect the certificate and chain.
    // For example, you might check for a specific issuer or thumbprint.
    // For demonstration purposes, we'll only trust if there are no errors.
    Console.WriteLine($"Certificate error: {sslPolicyErrors}");
    return false;
}

// Assign the callback
sslStream.RemoteCertificateValidationCallback = new TmschValidationCallback(ValidateServerCertificate);
```
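The thumbprint check mentioned in the comments above can be written so that it only ever narrows what is trusted. The following is an added example, not code from the original documentation: the class name `PinnedServerValidation` and the pin value are hypothetical placeholders, and it assumes a runtime where `X509Certificate.GetCertHashString(HashAlgorithmName)` is available.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class; not part of the documented API.
static class PinnedServerValidation
{
    // Placeholder: hex SHA-256 hash of the expected server certificate.
    const string PinnedSha256 = "REPLACE_WITH_SHA256_CERT_HASH_HEX";

    // Signature matches the TmschValidationCallback delegate declared on this page.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A missing certificate or a host name mismatch is never acceptable, pinned or not.
        if (certificate == null ||
            (sslPolicyErrors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                                SslPolicyErrors.RemoteCertificateNameMismatch)) != 0)
        {
            return false;
        }

        // The pin is required in every case, so it can only tighten the default policy.
        string actual = certificate.GetCertHashString(HashAlgorithmName.SHA256);
        if (!string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true; // Platform validation passed and the pin matches.
        }

        // Only chain errors remain. Tolerate an untrusted root (private CA or
        // self-signed server certificate); reject expiry, revocation, bad signatures.
        return chain != null && chain.ChainStatus.Length > 0 &&
               chain.ChainStatus.All(s =>
                   s.Status == X509ChainStatusFlags.NoError ||
                   s.Status == X509ChainStatusFlags.UntrustedRoot);
    }
}
```

Pass `PinnedServerValidation.Validate` wherever `ValidateServerCertificate` is used above. Because the pin is the hash of the server's own certificate, it has to be updated whenever that certificate is reissued.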