Ignoring certain SSL errors in WebRequest

B

Brian Lalonde

The WinHTTP object has enormous granularity in ignoring specific SSL errors.

SslErrorFlag_UnknownCA = 256,
SslErrorFlag_CertWrongUsage = 512,
SslErrorFlag_CertCNInvalid = 4096,
SslErrorFlag_CertDateInvalid = 8192,
SslErrorFlag_Ignore_All = 13056

This allowed me, for example, to declare ahead of time that a
nonmatching CName in the certificate should be ignored.

The HttpWebRequest .NET class seems only to provide a
SecureChannelFailure value to the Status of a WebException.

This seems require that anticipated errors may not be preset to ignore,
and more importantly, that an invalid CName error cannot be
distinguished from an invalid date, unknown authority, or wrong usage
certificate error.

Is this true, or am I missing something?
 
N

Nicole Calinoiu

Brian,

You can handle these error by setting the value of the static
CertificatePolicy property of System.Net.ServicePointManager to an object
that implements the System.Net.ICertificatePolicy interface. Taken
together, the MSDN topics for the interface and the property form a sample
of the technique.

HTH,
Nicole
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Invalid Characters, Posting XML Data, Webrequest 1
Could not establish secure channel for SSL/TLS 2

Top