What is the purpose of ServicePointManager.ServerCertificateValidationCallback?

Question

Lately, I had faced an error while sending email:

The remote certificate is invalid according to the validation procedure using

and I found a solution to this here which works perfectly but don't know what actually it does. So, can anyone explain me what the below code actually does? and why is the code referred as a hack?

Code:

ServicePointManager.ServerCertificateValidationCallback =
delegate(object s, X509Certificate certificate,
         X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };

score 4 · Accepted Answer · answered Oct 30 '15 at 08:51

4

It is a delegate your provide to the ServicePointManager that determines if a certificate is valid or not. Returning true will say the certificate is always valid.

You have to know this is a serious security risk. Anyone can self-issue a certificate and do a man-in-the-middle attack.

answered Oct 30 '15 at 08:51

Patrick Hofman

153,850
22
249
325

No. Why should it? It just circumvents the applications certificate check. – Patrick Hofman Oct 30 '15 at 08:56
is there any way to block "self-issuing of certificate"? – Developer Nation Oct 30 '15 at 08:57

What is the purpose of ServicePointManager.ServerCertificateValidationCallback?

1 Answers1