On 1/1/2012 2:52 PM, Jeffrey Walton wrote:
> I have a ConnectionString which includes 'Encrypt=true', which uses
> SSL/TLS on the connection (or encourages its use).
>
> I want to perform some additional processing and testing with
> ServicePointManager in ServerCertificateValidationCallback.
>
> My test code is below (adapted from Arne Vajhøj's earlier code).
> Unfortunately, ServerCertificateValidationCallback is not called, and
> I can't seem to figure out how to wire in ServicePointManager and
> ServerCertificateValidationCallback with Connection or
> ConnectionString.
>
> Any ideas?

To the best of my knowledge, ServicePointManager is an HTTP(S)/URI/web-only
thing.

SQL Server TDS encryption is something different.

According to:
http://msdn.microsoft.com/en-us/library/ms189067.aspx
the check is strict out of the box for SQL Server 2008 R2.

Arne

> using System;
> using System.Data.SqlClient;
> using System.Net;
> using System.Net.Security;
> using System.Security.Cryptography.X509Certificates;
> using System.Text;
>
> public class Program
> {
>     public static void Main(string[] args)
>     {
>         // Register the certificate validation callback
>         ServicePointManager.ServerCertificateValidationCallback =
>             PinCertificate;
>         //WebRequest wr = WebRequest.Create("https://sql-server.home.pvt/");
>         //wr.GetResponse();
>
>         String connectionString = "Server=tcp:SQL-Server; " +
>             "User Id=development; Password=Password1; Encrypt=true";
>         SqlConnection connection = new SqlConnection(connectionString);
>         connection.Open();
>     }
>
>     public static bool PinCertificate(object sender,
>         X509Certificate certificate, X509Chain chain,
>         SslPolicyErrors sslPolicyErrors)
>     {
>         if (certificate == null)
>             return false;
>
>         if (chain == null)
>             return false;
>
>         // Hex-encode the certificate hash
>         byte[] chash = certificate.GetCertHash();
>
>         StringBuilder sb = new StringBuilder(chash.Length * 2);
>         foreach (byte b in chash)
>             sb.AppendFormat("{0:X2}", b);
>
>         // Verify against known SHA1 thumb print of the certificate
>         String hash = sb.ToString();
>         if (hash != "NNNN...NNNN")
>             return false;
>
>         return true;
>     }
> }
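
Since ServicePointManager does not apply to SqlConnection, the settings that govern the TDS certificate check are the connection-string keywords. The following is an added example, not code from this thread: it audits connection strings offline with System.Data.SqlClient's SqlConnectionStringBuilder. The class name SqlTlsAudit, the sample strings and the TrustServerCertificate keyword (a SqlClient keyword not mentioned in the thread) are assumptions of the example.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

public static class SqlTlsAudit
{
    // Returns one finding per setting that weakens the server certificate check.
    public static List<string> Audit(string connectionString)
    {
        var findings = new List<string>();
        SqlConnectionStringBuilder b;
        try
        {
            // The builder only parses the string; no connection is opened.
            b = new SqlConnectionStringBuilder(connectionString);
        }
        catch (ArgumentException ex)
        {
            findings.Add("Unparseable connection string: " + ex.Message);
            return findings;
        }

        if (!b.Encrypt)
            findings.Add("Encrypt is not true: the client does not request encryption, " +
                         "so it depends on the server's own settings.");
        if (b.TrustServerCertificate)
            findings.Add("TrustServerCertificate=true: the certificate chain is not validated.");
        return findings;
    }

    public static void Main()
    {
        // Constructed samples; host name and credentials are placeholders.
        string[] samples =
        {
            "Server=tcp:sql.example.test; User Id=app; Password=placeholder; Encrypt=true",
            "Server=tcp:sql.example.test; User Id=app; Password=placeholder; Encrypt=true; TrustServerCertificate=true",
            "Server=tcp:sql.example.test; User Id=app; Password=placeholder",
            "Server=tcp:sql.example.test; Encrypted=true"   // misspelled keyword
        };
        for (int i = 0; i < samples.Length; i++)
        {
            List<string> findings = Audit(samples[i]);
            Console.WriteLine("sample {0}: {1}", i, findings.Count == 0 ? "ok" : string.Join(" | ", findings));
        }
    }
}
```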