Make it possible to provide a custom remote cert validator and local cert selector

michaelklishin · michaelklishin · commit 423fdd633faa · 2014-03-24T11:33:33.000+04:00
Manually integrates #12
diff --git a/projects/client/RabbitMQ.Client/src/client/api/SslHelper.cs b/projects/client/RabbitMQ.Client/src/client/api/SslHelper.cs
@@ -90,9 +90,15 @@ private bool CertificateValidationCallback(object sender,
         public static Stream TcpUpgrade(Stream tcpStream, SslOption sslOption, int timeout)
         {
             SslHelper helper = new SslHelper(sslOption);
+
+            RemoteCertificateValidationCallback remoteCertValidator =
+              sslOption.CertificateValidationCallback ?? new RemoteCertificateValidationCallback(helper.CertificateValidationCallback);
+            LocalCertificateSelectionCallback localCertSelector =
+              sslOption.CertificateSelectionCallback ?? new LocalCertificateSelectionCallback(helper.CertificateSelectionCallback);
+
             SslStream sslStream = new SslStream(tcpStream, false,
-                                                new RemoteCertificateValidationCallback(helper.CertificateValidationCallback),
-                                                new LocalCertificateSelectionCallback(helper.CertificateSelectionCallback));
+                                                remoteCertValidator,
+                                                localCertSelector);
 
             sslStream.AuthenticateAsClient(sslOption.ServerName,
                                            sslOption.Certs,
diff --git a/projects/client/RabbitMQ.Client/src/client/api/SslOption.cs b/projects/client/RabbitMQ.Client/src/client/api/SslOption.cs
@@ -136,6 +136,18 @@ public SslPolicyErrors AcceptablePolicyErrors
             set { m_acceptablePolicyErrors = value; }
         }
 
+        /// <summary>
+        /// An optional client specified SSL certificate validation callback.  If this is not specified,
+        /// the default callback will be used in conjunction with the AcceptablePolicyErrors property to 
+        /// determine if the remote server certificate is valid.
+        /// </summary>
+        public RemoteCertificateValidationCallback CertificateValidationCallback { get; set; }
+
+        /// <summary>
+        /// An optional client specified SSL certificate selection callback.  If this is not specified,
+        /// the first valid certificate found will be used.
+        /// </summary>
+        public LocalCertificateSelectionCallback CertificateSelectionCallback { get; set; }
 
         ///<summary>Construct an SslOption specifying both the server cannonical name
         ///and the client's certificate path.
@@ -145,6 +157,8 @@ public SslOption(string serverName, string certPath, bool enabled)
             m_serverName= serverName;
             m_certPath = certPath;
             m_enabled = enabled;
+            CertificateValidationCallback = null;
+            CertificateSelectionCallback  = null;
         }
 
         ///<summary>Construct an SslOption with just the server cannonical name.
