CA certificate verification
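// Trust anchor for the EventStore endpoint: a PEM-encoded CA taken from options.
// NOTE(review): CreateFromPem throws on malformed PEM; the `!` assumes the caller has
// already checked that options.CaCertificate is set - confirm upstream.
var caCert = X509Certificate2.CreateFromPem(options.CaCertificate!);
clientSettings.CreateHttpMessageHandler = () =>
{
    var httpSettings = new SocketsHttpHandler()
    {
        // This is taken from the default implementation.
        KeepAlivePingDelay = clientSettings.ConnectivitySettings.KeepAliveInterval,
        KeepAlivePingTimeout = clientSettings.ConnectivitySettings.KeepAliveTimeout,
    };

    // Server certificate validation: accept anything the platform trust store
    // already accepts, and additionally accept chains that terminate in caCert.
    httpSettings.SslOptions.RemoteCertificateValidationCallback = (
        sender,
        certificate,
        chain,
        errors) =>
    {
        // Default chain build succeeded (publicly trusted or OS-installed CA).
        if (errors == SslPolicyErrors.None)
        {
            return true;
        }

        // Only an untrusted chain is recoverable here. Any other flag - name mismatch,
        // certificate not available - alone or combined with chain errors is fatal, so a
        // certificate issued by the custom CA for the wrong host is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
        {
            logger.LogInformation("got SSL policy errors {Errors}", errors);
            return false;
        }

        if (certificate is null)
        {
            logger.LogInformation("unable to validate eventstore cert: missing certificate");
            return false;
        }

        if (chain is null)
        {
            logger.LogInformation(
                "unable to validate eventstore cert: missing chain");
            return false;
        }

        // Rebuild the chain with caCert as the only trusted root. The chain object comes
        // from SslStream, so its other policy settings (revocation mode, flags) are kept.
        chain.ChainPolicy.CustomTrustStore.Clear();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(caCert);

        // The copy constructor duplicates the native handle; dispose it so that
        // every handshake does not leak a certificate handle.
        using var leaf = new X509Certificate2(certificate);
        var valid = chain.Build(leaf);
        if (!valid)
        {
            logger.LogInformation("certificate failed validation");

            // Surface the chain engine's reasons (e.g. NotTimeValid, PartialChain)
            // so a rejected handshake can be diagnosed from the logs.
            foreach (var status in chain.ChainStatus)
            {
                logger.LogInformation(
                    "chain status {Status}: {StatusInformation}",
                    status.Status,
                    status.StatusInformation);
            }
        }

        return valid;
    };

    return httpSettings;
};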