0

I've written a function in .NET that performs a get request to a website that's running on some type of SSL certificate. But the problem is the certificate is self-signed and the program will not connect since the certificate cannot be verified. My function is as follows:

static string Get_String(string url)
{
    string output;
    using (var wb = new WebClient())
    {
        var response = wb.DownloadString(url);
        output = response;
    }
    return output;
}

Is there any way I can skip the process of certificate validation and just establish a secure connection over TLS protocol?

Muhammed Özen
  • 33
  • 1
  • 2
  • 6
  • 1
    See: https://stackoverflow.com/a/1301221/470096 – Mark PM Aug 23 '21 at 18:33
  • There are a lot of duplicate questions. Disabling validation isn't a real solution though, as it essentially disables TLS and allows any malicious proxy to intercept communications. TLS is used to ensure you know who you talk to, not just for encryption. Without validation, a malicious proxy could sit in front of the server, receive your calls, store them and forward them to the server. – Panagiotis Kanavos Aug 23 '21 at 18:35
  • A *better* solution is to add that self-signed certificate to your machine's trusted certificates. This way the certificate will be validated and you won't introduce a vulnerability to your code – Panagiotis Kanavos Aug 23 '21 at 18:35
  • @MuhammedÖzen if you disabled validation, no it didn't work. You just introduced a serious vulnerability. – Panagiotis Kanavos Aug 23 '21 at 18:37
  • Hello @Panagioutis Kanavos. What you're saying makes sense but when I watch the traffic through wireshark, I can't see any data in plaintext. It says data is being transmitted over TLS protocol. Can you elaborate how to exactly intercept data in plain text? Thank you in advance for your attention – Muhammed Özen Aug 23 '21 at 18:50
  • I just googled around a bit. What I found is instead of encryption issues, it might cause someone to lure you into another computer instead of your own site. Is that correct? – Muhammed Özen Aug 23 '21 at 19:06
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/236332/discussion-between-muhammed-ozen-and-panagiotis-kanavos). – Muhammed Özen Aug 23 '21 at 19:38

0 Answers0