Geek Answers Handbook

How to clear SSL certificate data

I have a client server setup. The client creates a proxy to communicate with the server. When the communication protocol is HTTPS, the proxy listens for the SSL certificate verification event on the following line:

ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

The ValidateRemoteCertificate method refers to certificate exceptions.

In the client, the user can choose one of 3 security levels: low, medium and high. At a low level, the ValidateRemoteCertificate method ignores any errors and always returns true. At a middle level, the ValidateRemoteCertificate method fires an event that notifies the client of the problem. At this point, a message appears to the user informing him that the certificate is problematic and allows the user to choose whether to continue or accept the connection to the server or to decline. At a high level, the ValidateRemoteCertificate method rejects the connection for any error.

So far so good.

The scenario is as follows:

  • The client boots up with the Medium predefined security level that has already been accepted by the user, and the connection is established with the server without spreading any certificate problems.
  • The user disconnects the client from the server (using a special button).
  • The user is trying to reconnect the client. At this stage, the client has the opportunity to test the connection using the test button. The test method returns success, although a new proxy was created for the connection test, and all ValidateRemoteCertificate methods were removed from ServerCertificateValidationCallback (a specific type of proxy). In addition, no event is fired for the problem certificate, and the ValidateRemoteCertificate method is not called.

The behavior I'm trying to achieve is that when the test runs, ServerCertificateValidationCallback will behave as if it was the first to call it after the client starts, and ValidateRemoteCertificate will come into play.

I tried looking for any method that clears any delegates / events in ServicePointManager, but I could not find them.

Is there any cache that can be cleared? I hope the scenario is clear enough.

+5
c # certificate ssl
source share
1 answer

I know that it was almost 4 years, but I had the same problem, and I wanted to share my solution if anyone else finds this.

I could not find a built-in way to handle this, so I looked at the source code for ServicePoint and ServicePointManager, and here's what I came up with:

  public void EnsureNoServicePointCertificate(Uri uri) { // find the service point for the Uri ServicePoint sp = ServicePointManager.FindServicePoint(uri); // Check if there is a service point and there is a certificate if (sp != null && sp.Certificate != null) { try { // ServicePointManager has a hashtable (private static Hashtable s_ServicePointTable) of all service points Type servicePointType = sp.GetType(); // ServicePoint.LookupString is the key for the hashtable PropertyInfo lookupStringProperty = servicePointType.GetProperty("LookupString", BindingFlags.Instance | BindingFlags.NonPublic); string lookupString = (string)lookupStringProperty.GetValue(sp, null); // Get the hashtable from ServicePointManager Hashtable s_ServicePointTable = (Hashtable)typeof(ServicePointManager).InvokeMember("s_ServicePointTable", BindingFlags.Static | BindingFlags.NonPublic | BindingFlags.GetField, null, null, null); // ServicePointManager locks the hashtable and calls // s_ServicePointTable.Remove(servicePoint.LookupString); lock (s_ServicePointTable) { s_ServicePointTable.Remove(lookupString); } // At this point, ServicePointManager calls // servicePoint.ReleaseAllConnectionGroups(); MethodInfo release = servicePointType.GetMethod("ReleaseAllConnectionGroups", BindingFlags.Instance | BindingFlags.NonPublic); release.Invoke(sp, null); } catch { } } }
+4
source share

More articles:


All Articles