Discussion:
How To associate ServicePointManager with Connection?
Jeffrey Walton
2012-01-01 19:52:52 UTC
Hi All,

I have a ConnectionString which includes 'Encrypt=true', which uses
SSL/TLS on the connection (or encourages its use).

I want to perform some additional processing and testing with
ServicePointManager in ServerCertificateValidationCallback.

My test code is below (adapted from Arne Vajhøj's earlier code).
Unfortunately, ServerCertificateValidationCallback is not called, and
I can't seem to figure out how to wire in ServicePointManager and
ServerCertificateValidationCallback with Connection or
ConnectionString.

Any ideas?

Jeff

using System;
using System.Data.SqlClient;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public class Program
{
    public static void Main(string[] args)
    {
        // Register the global certificate validation callback.
        ServicePointManager.ServerCertificateValidationCallback = PinCertificate;
        //WebRequest wr = WebRequest.Create("https://sql-server.home.pvt/");
        //wr.GetResponse();

        String connectionString =
            "Server=tcp:SQL-Server; User Id=development; Password=Password1; Encrypt=true";
        SqlConnection connection = new SqlConnection(connectionString);
        connection.Open();
    }

    // Accept the server only if its certificate hash matches the pinned value.
    public static bool PinCertificate(object sender, X509Certificate certificate,
                                      X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (certificate == null)
            return false;

        if (chain == null)
            return false;

        // Hex-encode the certificate hash (upper case, no separators).
        byte[] chash = certificate.GetCertHash();

        StringBuilder sb = new StringBuilder(chash.Length * 2);
        foreach (byte b in chash)
            sb.AppendFormat("{0:X2}", b);

        // Verify against the known SHA1 thumbprint of the certificate
        String hash = sb.ToString();
        if (hash != "NNNN...NNNN")
            return false;

        return true;
    }
}
Arne Vajhøj
2012-01-01 20:03:40 UTC
Post by Jeffrey Walton
I have a ConnectionString which includes 'Encrypt=true', which uses
SSL/TLS on the connection (or encourages its use).
I want to perform some additional processing and testing with
ServicePointManager in ServerCertificateValidationCallback.
My test code is below (adapted from Arne Vajhøj's earlier code).
Unfortunately, ServerCertificateValidationCallback is not called, and
I can't seem to figure out how to wire in ServicePointManager and
ServerCertificateValidationCallback with Connection or
ConnectionString.
Any ideas?
To my best knowledge ServicePointManager is a HTTP(S)/URI/web only
thing.

SQLServer TDS encryption is something different.

According to:

http://msdn.microsoft.com/en-us/library/ms189067.aspx

the check is strict out of the box for SQLServer 2008 R2.

Arne
Jeffrey Walton
2012-01-01 20:46:00 UTC
Post by Arne Vajhøj
Post by Jeffrey Walton
I have a ConnectionString which includes 'Encrypt=true', which uses
SSL/TLS on the connection (or encourages its use).
I want to perform some additional processing and testing with
ServicePointManager in ServerCertificateValidationCallback.
My test code is below (adapted from Arne Vajhøj's earlier code).
Unfortunately, ServerCertificateValidationCallback is not called, and
I can't seem to figure out how to wire in ServicePointManager and
ServerCertificateValidationCallback with Connection or
ConnectionString.
Any ideas?
To my best knowledge ServicePointManager is a HTTP(S)/URI/web only
thing.
SQLServer TDS encryption is something different.
http://msdn.microsoft.com/en-us/library/ms189067.aspx
the check is strict out of the box for SQLServer 2008 R2.
Thanks Arne.

https://connect.microsoft.com/VisualStudio/feedback/details/716212/sqlconnection-does-not-offer-control-over-ssl-tls-behavior-for-cipher-selections-and-additional-server-authentication-checks

Jeff
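
Added example, not code from either poster: since SqlConnection exposes no validation callback, the client-side controls over the TLS check are the connection string keywords Encrypt and TrustServerCertificate. The sketch below audits connection strings for the two weak settings using System.Data.SqlClient; the class name SqlTlsAudit, the method Audit and the sample strings are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

// Hypothetical helper (not from the thread): flags connection strings whose
// TLS-related keywords weaken encryption or server authentication.
public static class SqlTlsAudit
{
    public static List<string> Audit(string connectionString)
    {
        // SqlConnectionStringBuilder parses the keywords without opening a connection.
        var builder = new SqlConnectionStringBuilder(connectionString);
        var findings = new List<string>();

        // Encrypt defaults to false in System.Data.SqlClient.
        if (!builder.Encrypt)
            findings.Add("Encrypt is not true: the client does not request an encrypted channel.");

        // With TrustServerCertificate=true the channel is encrypted, but the
        // certificate chain is not validated, so the server is not authenticated.
        if (builder.TrustServerCertificate)
            findings.Add("TrustServerCertificate=true: the server certificate chain is not validated.");

        return findings;
    }

    public static void Main()
    {
        // Constructed sample connection strings; server and database names are placeholders.
        string[] samples =
        {
            "Server=tcp:SQL-Server; Database=Example; Integrated Security=true; Encrypt=true",
            "Server=tcp:SQL-Server; Database=Example; Integrated Security=true; Encrypt=true; TrustServerCertificate=true",
            "Server=tcp:SQL-Server; Database=Example; Integrated Security=true"
        };

        foreach (string sample in samples)
        {
            List<string> findings = Audit(sample);
            Console.WriteLine(sample);
            if (findings.Count == 0)
                Console.WriteLine("  OK: encryption requested and certificate validation left enabled.");
            foreach (string finding in findings)
                Console.WriteLine("  WARNING: " + finding);
        }
    }
}
```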
