in src/ApplicationInsights.Kubernetes/K8sHttpClient/KubeHttpClientSettingsBase.cs [71:107]
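/// <summary>
/// Decides whether the certificate presented on a TLS connection is acceptable,
/// either because the platform already validated it or because its chain can be
/// built and is anchored in <paramref name="caCert"/>.
/// </summary>
/// <param name="requestMessage">The outgoing request; unused by design.</param>
/// <param name="caCert">
/// The certificate added to the chain's extra store and used as the expected trust anchor.
/// </param>
/// <param name="clientCertificate">
/// The certificate the chain is built for. NOTE(review): despite the name, this is presumably
/// the certificate presented by the remote endpoint; confirm at the call site.
/// </param>
/// <param name="chain">The chain object supplied to the validation callback; its policy is modified here.</param>
/// <param name="sslPolicyErrors">The errors the platform found during its own validation.</param>
/// <returns>
/// <c>true</c> when there are no policy errors, or when the only error is a chain error and the
/// rebuilt chain contains <paramref name="caCert"/>; otherwise <c>false</c>.
/// </returns>
internal bool CertificateValidationCallBack(
#pragma warning disable CA1801 // Unused by design
    HttpRequestMessage requestMessage,
#pragma warning restore CA1801 // Restore the warning
    X509Certificate2 caCert,
    X509Certificate2 clientCertificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // If the certificate is a valid, signed certificate, return true.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        _logger.LogTrace("This is a valid signed certificate.");
        return true;
    }

    // Fail closed instead of throwing from inside the TLS handshake when an input is missing.
    if (caCert == null || clientCertificate == null || chain == null)
    {
        _logger.LogError("SSL Certificate validation failed.");
        return false;
    }

    _logger.LogTrace("Not a authority signed certificate.");
    _logger.LogTrace("Server Cert RAW: {0}{1}", Environment.NewLine, Convert.ToBase64String(caCert.RawData));

    // Only a chain error can be resolved by rebuilding the chain against the known CA.
    // An exact comparison is required: HasFlag() would also let a name mismatch or a
    // missing certificate through whenever it is reported together with a chain error.
    if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
    {
        _logger.LogTrace("Building certificate chain.");

        // Revocation is not checked for this chain.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        // add all your extra certificate chain
        chain.ChainPolicy.ExtraStore.Add(caCert);
        // The CA is not in the machine trust store, so an unknown root must be tolerated
        // for Build() to succeed. This flag tolerates ANY unknown root, which is why the
        // anchor check below is mandatory.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

        _logger.LogTrace("Client Cert RAW: {0}{1}", Environment.NewLine, Convert.ToBase64String(clientCertificate.RawData));
        bool isChainBuilt = chain.Build(clientCertificate);
        _logger.LogTrace("Is Chain successfully built: {0}", isChainBuilt);

        // A successfully built chain proves internal consistency only; trust comes from
        // finding the expected CA certificate among the chain elements.
        bool isAnchoredToCa = isChainBuilt && ChainContainsCertificate(chain, caCert);
        _logger.LogTrace("Is Chain anchored to the expected CA certificate: {0}", isAnchoredToCa);
        if (isAnchoredToCa)
        {
            return true;
        }
    }

    // In all other cases, return false.
    _logger.LogError("SSL Certificate validation failed.");
    return false;
}

/// <summary>
/// Returns true when one element of the built chain is byte-for-byte the expected certificate.
/// </summary>
private static bool ChainContainsCertificate(X509Chain chain, X509Certificate2 expected)
{
    byte[] expectedRaw = expected.RawData;
    foreach (X509ChainElement element in chain.ChainElements)
    {
        // Compare the full DER encoding; X509Certificate.Equals only compares issuer and serial number.
        byte[] candidateRaw = element.Certificate.RawData;
        if (candidateRaw.Length != expectedRaw.Length)
        {
            continue;
        }

        bool isSame = true;
        for (int i = 0; i < candidateRaw.Length; i++)
        {
            if (candidateRaw[i] != expectedRaw[i])
            {
                isSame = false;
                break;
            }
        }

        if (isSame)
        {
            return true;
        }
    }

    return false;
}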