我想修改 .Net 的默认 ServerCertificateValidationCallback 以验证我公司的某些证书​​为真,但保留其他证书的默认验证。

我似乎无法这样做,因为默认的 ServerCertificateValidationCallback 值为空。

ServicePointManager.ServerCertificateValidationCallback =
(sender, certificate, chain, sslPolicyErrors) =>
 validCertificatesSerialNumbers.Contains(certificate.GetSerialNumberString()) ||
 defaultlCallback.Invoke(sender, certificate, chain, sslPolicyErrors) //How do I set defaultCallback?
;

谢谢

最佳答案

从我在 reference source 中可以看出,这是回调发挥作用的地方:

if (ServicePointManager.ServerCertificateValidationCallback != null)
{
    useDefault = false;
    return ServicePointManager.ServerCertValidationCallback.
                               Invoke(m_Request,
                                      certificate,
                                      chain,
                                      sslPolicyErrors);
}

if (useDefault)
    return sslPolicyErrors == SslPolicyErrors.None;

这意味着验证已经执行,要知道它是否通过,您只需要检查 sslPolicyErrors 参数。你会这样做:
ServicePointManager.ServerCertificateValidationCallback =
(sender, certificate, chain, sslPolicyErrors) =>
validCertificatesSerialNumbers.Contains(certificate.GetSerialNumberString()) || (sslPolicyErrors == SslPolicyErrors.None);

10-07 15:12