What is the rationale for ServicePointManager.ServerCertificateValidationCallback being designed this way?

ServicePointManager.ServerCertificateValidationCallback is a global static property that can be overwritten by any bit of code in your application, simply:

    ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, sslPolicyErrors) => true;

Why did they decide to implement it this way? Of course, this should be a property of the WebRequest object, and you should have a very good reason why you are ignoring the certificate.

+7
1 answer

The fact that other code can set this property is not a security issue, because setting the property requires the SecurityPermissionFlag.Infrastructure permission, which you do not need to grant to code that you do not trust.

On the other hand, I agree that this is a bad design because it is global volatile state and should be avoided. In particular, it is unnecessarily difficult to use different validation policies in different parts of the program. The general configuration file you are thinking of would be even worse, IMO.

The proper choice would be an instance property for the callback, as the regular SslStream class does. I do not know enough about this part of the framework to say whether this property exists, and thus ServicePointManager.ServerCertificateValidationCallback is used only as the default value, or whether this global variable is the only way to influence certificate validation.

+5
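As an added example (not part of the question or the answer above): a validation callback scoped to a single connection or request, so no global state is touched. `SslStream` accepts the callback in its constructor, and `HttpWebRequest` has had its own `ServerCertificateValidationCallback` property since .NET Framework 4.5. The class name, method names and the thumbprint value are placeholders invented for this sketch.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class ScopedTlsValidation
{
    // Placeholder: SHA-1 thumbprint (hex) of the one certificate this client
    // accepts even though its chain does not validate, e.g. an internal
    // self-signed certificate.
    const string PinnedThumbprint = "<EXPECTED-CERT-THUMBPRINT>";

    // Accept what the platform already validated; otherwise accept only the
    // exact pinned certificate, and only when the sole problem is the chain.
    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false; // missing certificate or name mismatch: always reject
        return string.Equals(cert.GetCertHashString(), PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Per-connection policy: the callback belongs to this SslStream only.
    static void ConnectWithSslStream(string host)
    {
        using (var tcp = new TcpClient(host, 443))
        using (var ssl = new SslStream(tcp.GetStream(), false, Validate))
        {
            ssl.AuthenticateAsClient(host); // throws AuthenticationException if Validate returns false
        }
    }

    // Per-request policy (.NET Framework 4.5+): other requests in the process
    // keep default validation because ServicePointManager is never modified.
    static HttpWebRequest CreateRequest(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ServerCertificateValidationCallback = Validate;
        return request;
    }
}
```

When auditing a code base, any assignment to `ServicePointManager.ServerCertificateValidationCallback`, especially one that returns `true` unconditionally, is worth flagging because it changes validation for every request in the process that has no callback of its own.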