Uploaded image for project: 'Couchbase .NET client library'
  1. Couchbase .NET client library
  2. NCBC-2789

Unable to override the remote name mismatch error with custom validation

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.1.0
    • 3.1.2
    • None
    • None
    • 1
    • Critical

    Attachments

      Issue Links

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          Vishnu Vishnu added a comment - - edited

          i would like to over ride the remotenamemismatch error with following custom validation

          ServicePointManager.ServerCertificateValidationCallback += delegate (
          object sender,
          X509Certificate cert,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
          {
          if (sslPolicyErrors == SslPolicyErrors.None)

          { return true; //Is valid }

          if (cert.GetCertHashString() == "12222222222222222")

          { return true; }

          return false;
          };

           

          but in my current code it is not working and always getting "The remote certificate is invalid according to the validation procedure.".  when i enable the Ignoreremotenamemismatch as true in cluster options. its working.

          Vishnu Vishnu added a comment - - edited i would like to over ride the remotenamemismatch error with following custom validation ServicePointManager.ServerCertificateValidationCallback += delegate ( object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) { return true; //Is valid } if (cert.GetCertHashString() == "12222222222222222") { return true; } return false; };   but in my current code it is not working and always getting "The remote certificate is invalid according to the validation procedure.".  when i enable the Ignoreremotenamemismatch as true in cluster options. its working.
          Vishnu Vishnu added a comment -

          public async Task sslConnectionTest()
          {

          ServicePointManager.ServerCertificateValidationCallback += delegate (
          object sender,
          X509Certificate cert,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
          {
          if (sslPolicyErrors == SslPolicyErrors.None)

          { Console.WriteLine("Policy ::: "+sslPolicyErrors); return true; //Is valid }

          Console.WriteLine("Cert Hashstring ---"+cert.GetCertHashString());

          if (cert.GetCertHashString() == "7572372030203402304")

          { Console.WriteLine("Custom validation with HashString ::: " +cert.GetCertHashString()); return true; }

          return false;
          };

          var options = new ClusterOptions()

          { EnableTls = true //IgnoreRemoteCertificateNameMismatch = true }

          .WithConnectionString("127.0.0.1")
          .WithCredentials("test", "test")
          //.WithX509CertificateFactory(CertificateFactory.GetCertificatesByPathAndPassword("./couchbase.pem","test"));

          ICluster cluster = await Cluster.ConnectAsync(options)
          .ConfigureAwait(false);
          IBucket bucket = await cluster.BucketAsync("test")
          .ConfigureAwait(false);
          var collection = bucket.DefaultCollection();

          var result = await collection.GetAsync("my-document");
          var content = result.ContentAs<dynamic>();

          Console.WriteLine(content);

          bucket.Dispose();
          cluster.Dispose();
          }

          Vishnu Vishnu added a comment - public async Task sslConnectionTest() { ServicePointManager.ServerCertificateValidationCallback += delegate ( object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) { Console.WriteLine("Policy ::: "+sslPolicyErrors); return true; //Is valid } Console.WriteLine("Cert Hashstring ---"+cert.GetCertHashString()); if (cert.GetCertHashString() == "7572372030203402304") { Console.WriteLine("Custom validation with HashString ::: " +cert.GetCertHashString()); return true; } return false; }; var options = new ClusterOptions() { EnableTls = true //IgnoreRemoteCertificateNameMismatch = true } .WithConnectionString("127.0.0.1") .WithCredentials("test", "test") //.WithX509CertificateFactory(CertificateFactory.GetCertificatesByPathAndPassword("./couchbase.pem","test")); ICluster cluster = await Cluster.ConnectAsync(options) .ConfigureAwait(false); IBucket bucket = await cluster.BucketAsync("test") .ConfigureAwait(false); var collection = bucket.DefaultCollection(); var result = await collection.GetAsync("my-document"); var content = result.ContentAs<dynamic>(); Console.WriteLine(content); bucket.Dispose(); cluster.Dispose(); }
          jmorris Jeff Morris added a comment -

          New syntax for 3.1.2:

          var clusterOptions = new ClusterOptions();
          clusterOptions.EnableTls = true;
          clusterOptions.KvCertificateCallbackValidation = (sender, certificate, chain, sslPolicyErrors) =>
          {
               //Add your custom validation here
          };            
          

          jmorris Jeff Morris added a comment - New syntax for 3.1.2: var clusterOptions = new ClusterOptions(); clusterOptions.EnableTls = true; clusterOptions.KvCertificateCallbackValidation = (sender, certificate, chain, sslPolicyErrors) => { //Add your custom validation here };

          People

            jmorris Jeff Morris
            Vishnu Vishnu
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty