SecureHttpListener.UseClientCertificate - Does nothing. Solution?

Sep 16, 2011 at 10:17 PM
Edited Sep 16, 2011 at 10:33 PM

Hello,

First of all, great project, I like it a lot!

I was trying out SecureHttpListener, and it was OK until I started testing client-side certificates.

1) SecureHttpListener.UseClientCertificate doesn't pass any value to the created SecureHttpContext instance. So it does nothing and the SecureListener sample is misleading. IMHO it should be:

//SecureHttpListener.cs
protected override HttpContext CreateContext(Socket socket)
{
  SecureHttpContext httpContext = Factory.Get<SecureHttpContext>(_certificate, Protocol, socket);
  httpContext.UseClientCertificate = UseClientCertificate;
  return httpContext;
}

2) I think there should be a way to handle client certificate validation, similar to the HttpListener.SocketAccepted event. IMHO it should look something like this:

//SecureHttpContext.cs
private bool OnValidation(object sender, X509Certificate receivedCertificate, X509Chain chain,
  SslPolicyErrors sslPolicyErrors)
{
  if (UseClientCertificate)
  {
    // Keep the certificate, chain and policy errors, then let subscribers decide.
    ClientCertificate = new ClientCertificate(receivedCertificate, chain, sslPolicyErrors);
    CertificateEventArgs args = new CertificateEventArgs(ClientCertificate);
    ClientCertificateValidating(this, args);
    return args.IsCertificateOk;
  }

  // Client certificates are not in use, so there is nothing to validate.
  return true;
}

Maybe I am wrong here and I don't see the whole picture clearly. But custom validation should be there, I think, and the ClientCertificate class would make more sense then.

 

For now I am using this modification, which works fine:

//SecureHttpContext.cs
private bool OnValidation(object sender, X509Certificate receivedCertificate, X509Chain chain,
  SslPolicyErrors sslPolicyErrors)
{
  if (UseClientCertificate)
  {
    ClientCertificate = new ClientCertificate(receivedCertificate, chain, sslPolicyErrors);
    // Accept only when the platform reported no policy errors.
    return sslPolicyErrors == SslPolicyErrors.None;
  }

  // Client certificates are not in use, so there is nothing to validate.
  return true;
}
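
Added example, not part of the original post or of the project's code: a stand-alone sketch of the two ideas above combined, where a custom check (standing in for the proposed validating event) runs only after the platform checks pass, so it can tighten the decision but never loosen it. ClientCertPolicy, Create, extraCheck and the pinned thumbprint are hypothetical names and constructed values.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of the project: builds a fail-closed
// RemoteCertificateValidationCallback for server-side SslStream use.
public static class ClientCertPolicy
{
    // extraCheck plays the role of the proposed validating event. It runs only
    // after the platform checks pass, so it can tighten the decision (for
    // example pin a thumbprint) but never override a policy error.
    public static RemoteCertificateValidationCallback Create(
        bool requireClientCertificate, Func<X509Certificate2, bool> extraCheck)
    {
        return (sender, certificate, chain, errors) =>
        {
            if (!requireClientCertificate)
                return true;                 // client certificates not in use
            if (certificate == null)
                return false;                // client sent no certificate
            if (errors != SslPolicyErrors.None)
                return false;                // untrusted chain, expired, etc.
            if (extraCheck == null)
                return true;                 // platform validation only
            return extraCheck(new X509Certificate2(certificate));
        };
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample value: a placeholder thumbprint to pin against.
        const string pinned = "0000000000000000000000000000000000000000";
        var callback = ClientCertPolicy.Create(true,
            cert => string.Equals(cert.Thumbprint, pinned, StringComparison.OrdinalIgnoreCase));

        // A handshake where the client presented nothing must be rejected.
        bool accepted = callback(null, null, null,
            SslPolicyErrors.RemoteCertificateNotAvailable);
        Console.WriteLine("No client certificate accepted: " + accepted);
    }
}
```

The callback only sees a client certificate if the server asks for one, so it has to be passed to the SslStream constructor and AuthenticateAsServer called with clientCertificateRequired set to true.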