Allow a custom HttpMessageHandler to support overriding the verification of Self-Signed SSL certificates.
With the V2 client now using the latest framework it is possible to override the HttpMessageHandler and override self-signed certificate checking.
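```csharp
var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
// Disables server certificate validation entirely: every certificate is accepted.
handler.ServerCertificateCustomValidationCallback += HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
// The V2 DocumentClient constructor accepts the custom handler.
_client = new DocumentClient(new Uri(_documentDbOptions.Endpoint), _documentDbOptions.Key, handler);
```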
However, with the V3 client, there is no ability to do this. Can we look for a suitable way to do this?
Self-signed certificate verification overrides are required when running on Linux clients that wish to connect to the emulator. Despite all of the good work that has been done with the emulator, such as allowing you to specify the alternative subject names for the self-signed certificate and export it, there are still limitations. I’ve found that the Linux implementation of .NET Core that uses cURL/OpenSSL will still error with a self-signed certificate, even if you install it into the ca-certificates store. (Windows will honor the certificate if you put it into the Trusted Certificate Authorities store.)
It would be preferable to use the V3 SDK rather than the V2.
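A narrower alternative to accepting any server certificate, as an added example that is not part of the original issue or of the SDK: the validation callback accepts only the certificate exported from the emulator, and only for the emulator's host. The class name `EmulatorCertificatePinning`, the method `CreateHandler` and its two parameters are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class EmulatorCertificatePinning
{
    // exportedCertPath: placeholder path to the certificate exported from the emulator.
    // emulatorHost: host name or IP the client uses to reach the emulator.
    public static HttpClientHandler CreateHandler(string exportedCertPath, string emulatorHost)
    {
        // Pin the SHA-256 hash of the exported certificate's DER encoding.
        byte[] pinned;
        using (var exported = new X509Certificate2(exportedCertPath))
        using (var sha = SHA256.Create())
        {
            pinned = sha.ComputeHash(exported.RawData);
        }

        var handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
        {
            // Certificates that pass normal chain and name validation are accepted as usual.
            if (errors == SslPolicyErrors.None) return true;
            if (cert == null) return false;

            // The pinned certificate is honoured for the emulator endpoint only.
            if (!string.Equals(request.RequestUri?.Host, emulatorHost,
                               StringComparison.OrdinalIgnoreCase))
                return false;

            // Accept only an exact match with the exported certificate.
            using (var sha = SHA256.Create())
            {
                return sha.ComputeHash(cert.RawData).SequenceEqual(pinned);
            }
        };
        return handler;
    }
}
```

The returned handler can be passed to the V2 `DocumentClient` constructor in place of the handler shown in the issue.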
Issue Analytics
- Created 5 years ago
- Reactions: 3
- Comments: 16 (5 by maintainers)
Top GitHub Comments
Hi, any plan on this PR going to release? Same situation working behind a corporate firewall. Thanks.
Folks, how is that PR fixing the SSL bypass issue? I don’t see how to set the `HttpClientHandler` or other way to ignore the SSL cert. I’m on OSX with the same issue on the emulator… Can someone shed a light on this? Thanks!