CodeSOD: Certifiable Success |
“Hey, apparently, the SSL cert on our web-service expired… in 2013.”
Laura’s company had a web-service that provided most of their business logic, and managed a suite of clients for interacting with that service. Those clients definitely used SSL to make calls to that web-service. And Laura knew that there were a bunch of calls to ValidateServerCertificate as part of the handshaking process, so they were definitely validating it, right?
private static bool ValidateServerCertificate(
object sender,
System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}Well, that’s one kind of validation rule. It’s guaranteed to never fail, if nothing else.
[Advertisement]
ProGet can centralize your organization's software applications and components to provide uniform access to developers and servers. Check it out!
| Комментировать | « Пред. запись — К дневнику — След. запись » | Страницы: [1] [Новые] |
