How to ignore invalid certificate name

Question

I use FtpWebRequest with EnableSsl = true. But I have some problem. The certificate name is invalid, and when I receive an error "The remote certificate is invalid according to the validation procedure". How can I ingore invalid name error on certificate?

Answer 1

http://fabioscagliola.spaces.live.com/blog/cns!919F8FCDE3DC9AC4!154.entry?_c11_blogpart_blogpart=blogview&_c=blogpart#permalink

Answer 2

I use only FtpWebRequet with EnableSsl = true, but do not use SslStream.
How can I ignore invalid certificate name when I use FtpWebRequest?

Answer 3

You can validate the remote certificate using the remote certificate validation callback on the service point manager
See the sample below

 

using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Net.Security;
using System.Security.Policy;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;
class Program
{
 static void Main(string[] args)
 {
  Stream s = null;
  StreamReader sr = null;
  HttpWebResponse res = null;
  try{
      //Hook a callback to verify the remote certificate
      ServicePointManager.ServerCertificateValidationCallback =
        new RemoteCertificateValidationCallback(MyCertValidationCb); 

      HttpWebRequest req
        = (HttpWebRequest)
           WebRequest.Create("https://localhost/SecureNoClientCerts/test.htm");

   req.Proxy = null;

   res = req.GetResponse() as HttpWebResponse;
   s = res.GetResponseStream();
   sr = new StreamReader(s, Encoding.UTF8);
   Console.WriteLine(sr.ReadToEnd());
  }
  catch(Exception ex){
   Console.WriteLine(ex);
  }
  finally{
   if(res != null) res.Close();
   if(s != null) s.Close();
   if(sr != null) sr.Close();
  }
 }

  public static bool MyCertValidationCb(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
  {
    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
              == SslPolicyErrors.RemoteCertificateChainErrors)
    {
      return false;
    }
    else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
                    == SslPolicyErrors.RemoteCertificateNameMismatch)
    {
      Zone z;
      z = Zone.CreateFromUrl(((HttpWebRequest)sender).RequestUri.ToString());
      if (z.SecurityZone == System.Security.SecurityZone.Intranet
        || z.SecurityZone == System.Security.SecurityZone.MyComputer)
      {
        return true;
      }
      return false;
    }
    return false;
  } 
}

Answer 4

Durgaprasad Gorti,
Thanks! You helped me!

Answer 5

Hi,

 

The classes do not seem to exist in .NETCF2.0. Is this correct?  Do you know the compact framework equivilent code?

 

Many Thanks

 

NozFx

Answer 6

Good stuff, thank you so much, used your code and it worked like a charm.

Answer 7

Durga, How would you do the same thing (the callback hookup) in VB.Net? Could you please help. Thanks

Answer 8

I was able to resolve this by putting this in Form_Load

ServicePointManager.ServerCertificateValidationCallback =

AddressOf MyCertValidationCb