Class CertificateValidations
A collection of handy baked in server certificate validation callbacks
Inherited Members
Namespace: OpenSearch .Net
Assembly: OpenSearch.Net.dll
Syntax
public static class CertificateValidationsMethods
| Edit this page View SourceAllowAll(object, X509Certificate, X509Chain, SslPolicyErrors)
DANGEROUS, never use this in production validates ALL certificates to true.
Declaration
public static bool AllowAll(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)Parameters
| Type | Name | Description |
|---|---|---|
| object | sender | |
| X509Certificate | certificate | |
| X509Chain | chain | |
| Ssl |
errors |
Returns
| Type | Description |
|---|---|
| bool | Always true, allowing ALL certificates |
AuthorityIsRoot(X509Certificate, bool, X509RevocationMode)
Helper to create a certificate validation callback based on the certificate authority certificate that we used to generate the nodes certificates with. This callback does NOT expect the CA to be part of the chain presented by the server. Including the root certificate in the chain increases the SSL handshake size and OpenSearch's certgen by default does not include the CA in the certificate chain.
Declaration
public static Func<object, X509Certificate, X509Chain, SslPolicyErrors, bool> AuthorityIsRoot(X509Certificate caCertificate, bool trustRoot = true, X509RevocationMode revocationMode = X509RevocationMode.NoCheck)Parameters
| Type | Name | Description |
|---|---|---|
| X509Certificate | caCertificate | The ca certificate used to generate the nodes certificate |
| bool | trustRoot | Custom CA are never trusted by default unless they are in the machines trusted store, set this to true if you've added the CA to the machines trusted store. In which case UntrustedRoot should not be accepted. |
| X509Revocation |
revocationMode | By default we do not check revocation, it is however recommended to check this (either offline or online). |
Returns
| Type | Description |
|---|---|
| Func<object, X509Certificate, X509Chain, Ssl |
AuthorityPartOfChain(X509Certificate, bool, X509RevocationMode)
Helper to create a certificate validation callback based on the certificate authority certificate that we used to generate the nodes certificates with. This callback expects the CA to be part of the chain as intermediate CA.
Declaration
public static Func<object, X509Certificate, X509Chain, SslPolicyErrors, bool> AuthorityPartOfChain(X509Certificate caCertificate, bool trustRoot = true, X509RevocationMode revocationMode = X509RevocationMode.NoCheck)Parameters
| Type | Name | Description |
|---|---|---|
| X509Certificate | caCertificate | The ca certificate used to generate the nodes certificate |
| bool | trustRoot | Custom CA are never trusted by default unless they are in the machines trusted store, set this to true if you've added the CA to the machines trusted store. In which case UntrustedRoot should not be accepted. |
| X509Revocation |
revocationMode | By default we do not check revocation, it is however recommended to check this (either offline or online). |
Returns
| Type | Description |
|---|---|
| Func<object, X509Certificate, X509Chain, Ssl |
DenyAll(object, X509Certificate, X509Chain, SslPolicyErrors)
Always false, in effect blocking ALL certificates
Declaration
public static bool DenyAll(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)Parameters
| Type | Name | Description |
|---|---|---|
| object | sender | |
| X509Certificate | certificate | |
| X509Chain | chain | |
| Ssl |
errors |
Returns
| Type | Description |
|---|---|
| bool | Always false, always blocking ALL certificates |