better and more robust certificate selection

Matthias Radestock · Matthias Radestock · commit 27b5a8b4e217 · 2009-12-09T22:34:57.000Z
- don't explode when localCertificates is null or empty
- pick a cert based on the acceptableIssuers, if we can
diff --git a/projects/client/RabbitMQ.Client/src/client/api/SslHelper.cs b/projects/client/RabbitMQ.Client/src/client/api/SslHelper.cs
@@ -77,7 +77,19 @@ static X509Certificate CertificateSelectionCallback(object sender,
                 X509Certificate remoteCertificate,
                 string[] acceptableIssuers)
         {
-            return localCertificates[0];
+            if (acceptableIssuers != null && acceptableIssuers.Length > 0 &&
+                localCertificates != null && localCertificates.Count > 0)
+                {
+                    foreach (X509Certificate certificate in localCertificates)
+                        {
+                            if (Array.IndexOf(acceptableIssuers, certificate.Issuer) != -1)
+                                return certificate;
+                        }
+                }
+            if (localCertificates != null && localCertificates.Count > 0)
+                return localCertificates[0];
+
+            return null;
         }
 
         ///<summary>Upgrade a Tcp stream to an Ssl stream using the SSL options
