What's the rationale for ServicePointManager.ServerCertificateValidationCallback being designed that way? [closed]
ServicePointManager.ServerCertificateValidationCallback is a global static property that can be overwritten by any bit of code in your application simply by doing:

ServicePointManager.ServerCertificateValidationCallback
    = (sender, cert, chain, sslPolicyErrors) => true;

Why did they decide to implement it that way? Surely it should be a property on the WebRequest object, and you should have a very good reason for why you are ignoring the certificate.

Archaeornis answered 11/7, 2012 at 11:51 Comment(5)
So what you complain about is that this is a static property instead of an instance property, making it hard to use different policies in independent parts of the application? - Roaster
No, it's because any bit of 3rd party code you consume like SDKs etc can go and overwrite your callback with theirs. - Archaeornis
This doesn't look like an actual question to me. You're just complaining about an unnecessary use of global mutable state. - Roaster
I'm asking why they decided to implement it like this? Surely it should be a config file setting that no-one but your machine can override??? - Archaeornis
Are you claiming this is a security problem (it's not), or just that it's bad design (it probably is)? A config file is just as bad (global and mutable) as the current code. - Roaster

Other code being able to set this property is not a security issue, since setting the property requires the SecurityPermissionFlag.Infrastructure permission, which you don't need to grant to code you don't trust.

On the other hand I agree that it's bad design, since it's global mutable state and that should be avoided. In particular it makes it unnecessarily hard to use different validation policies in different parts of the program. A shared config file, as you suggest, would be even worse IMO.

The correct choice would be an instance property for the callback, just like what the plain SslStream class uses. I'm not familiar enough with that part of the framework to say if this property exists, and thus ServicePointManager.ServerCertificateValidationCallback only serves as a default, or if this global variable is the only way to influence certificate validation.

Roaster answered 11/7, 2012 at 12:8 Comment(0)
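
An instance-scoped alternative to the global callback discussed above, as an added example that is not part of the original question or answer: HttpWebRequest has had its own ServerCertificateValidationCallback property since .NET Framework 4.5, and SslStream takes the same delegate type in its constructor. The PinTo helper, the host name internal.example and the throwaway certificate are constructed for illustration; the certificate generation assumes .NET Framework 4.7.2+ or .NET Core 2.0+.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ScopedValidation
{
    static string Sha256Hex(byte[] der)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(der)).Replace("-", "");
    }

    // Hypothetical helper: accept a certificate that validated cleanly, or one whose
    // SHA-256 fingerprint equals the pin (e.g. an internal self-signed certificate).
    public static RemoteCertificateValidationCallback PinTo(string pinnedSha256Hex)
    {
        return (sender, cert, chain, errors) =>
            errors == SslPolicyErrors.None ||
            (cert != null && string.Equals(Sha256Hex(cert.GetRawCertData()),
                                           pinnedSha256Hex, StringComparison.OrdinalIgnoreCase));
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate, so this runs offline.
        using (var key = RSA.Create(2048))
        {
            var csr = new CertificateRequest("CN=internal.example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = csr.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                var pinned = PinTo(Sha256Hex(cert.RawData));
                var wrongPin = PinTo(new string('0', 64));

                // Scoped to this one request; ServicePointManager is never touched, so
                // other code in the process keeps the default validation.
                var request = (HttpWebRequest)WebRequest.Create("https://internal.example/");
                request.ServerCertificateValidationCallback = pinned;
                // The same delegate can be passed to new SslStream(stream, false, pinned).

                // Invoke the callbacks directly with the error a self-signed cert produces.
                var err = SslPolicyErrors.RemoteCertificateChainErrors;
                Console.WriteLine("pinned cert accepted: " + pinned(request, cert, null, err));
                Console.WriteLine("other cert accepted:  " + wrongPin(request, cert, null, err));
            }
        }
    }
}
```

No request is sent here; the callbacks are called directly so the accept and reject paths can be seen without a network connection.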
