How To associate ServicePointManager with Connection?


Jeffrey Walton

Hi All,

I have a ConnectionString which includes 'Encrypt=true', which uses
SSL/TLS on the connection (or encourages its use).

I want to perform some additional processing and testing with
ServicePointManager in ServerCertificateValidationCallback.

My test code is below (adapted from Arne Vajhøj's earlier code).
Unfortunately, ServerCertificateValidationCallback is not called, and
I can't seem to figure out how to wire in ServicePointManager and
ServerCertificateValidationCallback with Connection or
ConnectionString.

Any ideas?

Jeff

using System;
using System.Data.SqlClient;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class Program
{
    public static void Main(string[] args)
    {
        // Register the certificate validation callback
        ServicePointManager.ServerCertificateValidationCallback = PinCertificate;
        //WebRequest wr = WebRequest.Create("https://sql-server.home.pvt/");
        //wr.GetResponse();

        String connectionString = "Server=tcp:SQL-Server; User Id=development; Password=Password1; Encrypt=true";
        SqlConnection connection = new SqlConnection(connectionString);
        connection.Open();
    }

    public static bool PinCertificate(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (certificate == null)
            return false;

        if (chain == null)
            return false;

        // Hex-encode the certificate hash (upper case, no separators)
        byte[] chash = certificate.GetCertHash();

        StringBuilder sb = new StringBuilder(chash.Length * 2);
        foreach (byte b in chash)
            sb.AppendFormat("{0:X2}", b);

        // Verify against known SHA1 thumbprint of the certificate
        String hash = sb.ToString();
        if (hash != "NNNN...NNNN")
            return false;

        return true;
    }
}
 

Arne Vajhøj

> I have a ConnectionString which includes 'Encrypt=true', which uses
> SSL/TLS on the connection (or encourages its use).
>
> I want to perform some additional processing and testing with
> ServicePointManager in ServerCertificateValidationCallback.
>
> My test code is below (adapted from Arne Vajhøj's earlier code).
> Unfortunately, ServerCertificateValidationCallback is not called, and
> I can't seem to figure out how to wire in ServicePointManager and
> ServerCertificateValidationCallback with Connection or
> ConnectionString.
>
> Any ideas?

To the best of my knowledge, ServicePointManager is an HTTP(S)/URI/web-only
thing.

SQLServer TDS encryption is something different.

According to:

http://msdn.microsoft.com/en-us/library/ms189067.aspx

the check is strict out of the box for SQLServer 2008 R2.

Arne
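
Following on from the reply above, an added example (not code from either poster): with SqlConnection, the connection string keywords are what the application controls about TLS, so a guard can refuse to open a connection unless encryption is on and certificate validation is not bypassed. It assumes System.Data.SqlClient, where Encrypt and TrustServerCertificate are bool properties; RequireValidatedTls and the sample strings are hypothetical names and constructed inputs.

```csharp
using System;
using System.Data.SqlClient;

public static class SqlTlsPolicy
{
    // Hypothetical helper (not from the thread): rejects connection strings
    // that would let SqlConnection skip encryption or certificate validation.
    public static SqlConnectionStringBuilder RequireValidatedTls(string connectionString)
    {
        var csb = new SqlConnectionStringBuilder(connectionString);

        // Without Encrypt=true the client does not request an encrypted session.
        if (!csb.Encrypt)
            throw new InvalidOperationException("Encrypt=true is required.");

        // TrustServerCertificate=true makes the client accept the server
        // certificate without validating the chain, so it must stay false.
        if (csb.TrustServerCertificate)
            throw new InvalidOperationException("TrustServerCertificate must be false.");

        return csb;
    }

    public static void Main()
    {
        // Constructed sample inputs; server name and credentials are placeholders.
        string[] samples =
        {
            "Server=tcp:SQL-Server; User Id=development; Password=Password1; Encrypt=true",
            "Server=tcp:SQL-Server; User Id=development; Password=Password1",
            "Server=tcp:SQL-Server; User Id=development; Password=Password1; Encrypt=true; TrustServerCertificate=true",
        };

        foreach (string s in samples)
        {
            try
            {
                SqlConnectionStringBuilder csb = RequireValidatedTls(s);
                Console.WriteLine("accepted: {0}", csb.DataSource);
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine("rejected: {0}", ex.Message);
            }
        }
    }
}
```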


 
