djsoteric
Reputation: 316
Using SocketsHttpHandler in .NET Core 2.2 and ignoring cert validation
With HttpClientHandler, we are able to set a server validation callback and return true (by writing it out or using DangerousAcceptAnyServerCertificateValidator). How can I ensure that I bypass this verification also when I switch my HttpClient to use SocketsHttpHandler after upgrading to .NET Core 2.2? Is this the default? I can't find much information on this topic currently, and I will be deploying to an environment where I'd like to avoid making a breaking change.
Upvotes: 9
Views: 4673
Answers (1)
Tim Swift
Reputation: 175
@djsoteric I had the same exact issue, solved it this way
public static HttpClient CreateHttpClient()
{
var sslOptions = new SslClientAuthenticationOptions
{
// Leave certs unvalidated for debugging
RemoteCertificateValidationCallback = delegate { return true; },
};
var handler = new SocketsHttpHandler()
{
SslOptions = sslOptions,
};
return new HttpClient(handler);
}
Upvotes: 16
Related Questions
- Add client certificate to .NET Core HttpClient
- HttpClient connecting via certification validation
- Client certificate not included by HttpClientHandler in .net core
- Disable SSL certificate verification in default injected IHttpClientFactory
- Disabling httpclient ssl verification, on request level, in net 4.6
- How to ignore SSL validation in .net core 2.1
- ASP.NET Core HttpClient accept all certificates for localhost only, otherwise behave normally
- ASP.NET Core 2.1: Add client certificate to registered typed HTTP clients
- Using Trusted Root Certification Authorities for server certificate validation in HttpClient
- HttpClient does not send client certificate on Windows using .NET Core