ValidateServerCertificate never called

Question

I'm trying to connect to an https server using the SslStream class (the server uses a trusted root certificate), right after the sslStream.AuthenticateAsClient the CertificateSelectionCallback has been called but it never calls the ValidateServerCertificate so it'll remain in the sslStream.AuthenticateAsClient forever.

Here is the code:

TcpClient client = new TcpClient();
client.Connect(server, port);
SslStream sslStream = new SslStream(
    client.GetStream(),
    false,
    new RemoteCertificateValidationCallback(ValidateServerCertificate),
    new LocalCertificateSelectionCallback(CertificateSelectionCallback));

try
{ 
    sslStream.AuthenticateAsClient(
        serverName,
        collection,
        SslProtocols.Default,
        false);
catch (Exception ex)
{
    Console.WriteLine("Exception: {0}", ex.ToString());
}
...

Here are the two function for the callbacks:

public static bool ValidateServerCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
       return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

static X509Certificate CertificateSelectionCallback(
    object sender,
    string targetHost,
    X509CertificateCollection localCertificates,
    X509Certificate remoteCertificate,
    string[] acceptableIssuers)
{
    return localCertificates[0];
}

Does anyone know why i am having this issue and how i can solve it?

Does your local (client) certificate include the private key, i.e. is it loaded from a p12 or pfx? — Frank, Feb 27 '18 at 16:10

ValidateServerCertificate never called

0 Answers0