
How to turn off certificate revocation for a WCF service's client?

How can I turn off certificate revocation for a WCF service's client? The client proxy was generated by wsdl.exe and inherits SoapHttpClientProtocol.

Meidan Alon asked Oct 15 '08 09:10


People also ask

How do I turn off certificate revocation check in Chrome?

Go to the Advanced tab and scroll down to Security. Now uncheck "Check for publisher's certificate revocation" and "Check for server certificate revocation". Note: We don't recommend this practice because it can leave you vulnerable to cyber attackers. Hit OK.

How do I check my certificate of revocation status?

To check the revocation status of an SSL Certificate, the client connects to the URLs and downloads the CA's CRLs. Then, the client searches through the CRL for the serial number of the certificate to make sure that it hasn't been revoked.


1 Answer

I think you're looking for ServicePointManager.ServerCertificateValidationCallback:

http://msdn.microsoft.com/en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

Which takes a RemoteCertificateValidationCallback Delegate:

http://msdn.microsoft.com/en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx

I've never dealt with a revoked certificate before (I have had to handle other issues such as expired SSLs), but I'm guessing you'd just do something like:

using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(ValidateCertificate);

        // Do WCF calls...
    }

    public static bool ValidateCertificate(object sender, X509Certificate cert, 
                              X509Chain chain, SslPolicyErrors sslPolicyErrors)
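    {
        // A certificate with no policy errors is valid; accept it.
        if(sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        // Only chain errors are examined; accept if the chain reports Revoked.
        if(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)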
        {
            foreach(X509ChainStatus chainStatus in chain.ChainStatus)
            {
                if(chainStatus.Status == X509ChainStatusFlags.Revoked)
                {
                    return true;
                }
            }
        }
        
        /* 
         WARNING!
     
         You should perform other cert validation checks here and not blindly 
         override your cert validation by returning true.

         Otherwise the secure channel between your client and service
         may not be secure.

        */

        return false;
    }
}
Kev answered Oct 08 '22 11:10
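A narrower variant of the callback in the answer above, added here as an example and not part of the original answer: it tolerates only "revocation status could not be obtained" results, still rejects certificates that are revoked, expired, untrusted or issued for another host name, and is attached to one proxy instead of the whole process. The class names `RevocationTolerantValidation` and `ScopedServiceClient` are hypothetical, and `HttpWebRequest.ServerCertificateValidationCallback` is assumed to be available (.NET Framework 4.5 or later).

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Web.Services.Protocols; // requires a reference to System.Web.Services.dll

static class RevocationTolerantValidation
{
    // Chain status bits that only mean "revocation status could not be obtained".
    // X509ChainStatusFlags.Revoked is deliberately not in this mask.
    const X509ChainStatusFlags Tolerated =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // nothing to override

        // A name mismatch or a missing certificate is never tolerated.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || chain == null)
            return false;

        // Collect every status bit reported for the chain.
        X509ChainStatusFlags seen = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatus status in chain.ChainStatus)
            seen |= status.Status;

        // Accept only if no bit outside the tolerated mask is set.
        return (seen & ~Tolerated) == X509ChainStatusFlags.NoError;
    }
}

// Hypothetical wrapper; in practice derive from the wsdl.exe-generated proxy class.
class ScopedServiceClient : SoapHttpClientProtocol
{
    protected override WebRequest GetWebRequest(Uri uri)
    {
        WebRequest request = base.GetWebRequest(uri);
        HttpWebRequest http = request as HttpWebRequest;
        if (http != null)
        {
            // Per-request callback instead of the process-wide ServicePointManager hook.
            http.ServerCertificateValidationCallback = RevocationTolerantValidation.Validate;
        }
        return request;
    }
}
```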