Ignoring invalid SSL certificate

Question

I`m trying to print out log messages from our sub version. But I'm struggling with bypassing the invalid SSL certificate. This is the error:

OPTIONS of 'https://xxxxx/svn/SiteFabrics/trunk/AppLaunch/Bloc/Frontend': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://xxxx)

My attempt of ignoring the certificate error was to add this line:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

However that didn't make any difference as the .net error is still the same. Below is the code, can anyone see what I am doing wrong?

        using (SvnClient client = new SvnClient())
        {
            Collection<SvnLogEventArgs> list;
            client.Authentication.DefaultCredentials = new NetworkCredential("user", "pass");

            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            SvnLogArgs la = new SvnLogArgs(); //{ Start=128; End=132; };
            client.LoadConfiguration(Path.Combine(Path.GetTempPath(), "Svn"), true);
            client.GetLog(new Uri("https://[svnurl]"), la, out list);
            ViewBag.SVNLog = list;
        }

Have you looked at this post?: http://stackoverflow.com/questions/3099392/svn-repository-authentication-using-sharpsvn — Tomas, Nov 14 '11 at 12:18
In recent SharpSvn versions you can use .UseDefaultConfiguration() instead of .LoadConfiguration to avoid using a temp dir. — Bert Huijben, Sep 07 '12 at 11:03

score 3 · Accepted Answer · answered Aug 15 '15 at 22:31

FOUND THE SOLUTION TO THIS PROBLEM:

First add this:

        static void SVN_SSL_Override(object sender, SharpSvn.Security.SvnSslServerTrustEventArgs e)
    {
        e.AcceptedFailures = e.Failures;
        e.Save = true;
    }

and then replace my original magic line:

            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

with this:

client.Authentication.SslServerTrustHandlers += new EventHandler<SharpSvn.Security.SvnSslServerTrustEventArgs>(SVN_SSL_Override);

score 0 · Answer 2 · answered Aug 24 '12 at 15:08

0

You could connect to the repository using a SVN UI like tortoisesvn a single time and accept the bad SSL Cert and then it will work fine. Not a code fix but might work in your instance. It did in mine.

answered Aug 24 '12 at 15:08

Micah Armantrout

6,781
4
40
66

Right, add the certificate issuer to your list of trusted certification authorities, which is security wise way better than accepting any certificate. – Paciv Aug 24 '12 at 15:12
1

This is exactly what the .SslServerTrustHandlers implementation does by setting .Save = true. But saving by itself probably won't work because the default configuration location isn't used when .LoadConfiguration() is called. – Bert Huijben Sep 07 '12 at 10:59

score 0 · Answer 3 · answered Nov 07 '12 at 08:20

It's also possible to use a lambda expression (here in VB) :

AddHandler client.Authentication.SslServerTrustHandlers, Sub(ssender As Object, ev As SharpSvn.Security.SvnSslServerTrustEventArgs)
  ev.AcceptedFailures = ev.Failures
  ev.Save = True
End Sub

score 0 · Answer 4 · answered Jan 11 '13 at 11:15

private void GetClaimParams(string targetUrl, out string loginUrl, out Uri navigationEndUrl)
        {
HttpWebRequest webRequest = null;
            WebResponse response = null;
            webRequest = (HttpWebRequest)WebRequest.Create(targetUrl);
            webRequest.Method = Constants.WR_METHOD_OPTIONS;
            #if DEBUG
                ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(IgnoreCertificateErrorHandler);
            #endif
            try
            {
                response = (WebResponse)webRequest.GetResponse();
                ExtraHeadersFromResponse(response, out loginUrl, out navigationEndUrl);
            }
            catch (WebException webEx)
            {
                ExtraHeadersFromResponse(webEx.Response, out loginUrl, out navigationEndUrl);
            }
}



#if DEBUG
        private bool IgnoreCertificateErrorHandler
           (object sender,
           System.Security.Cryptography.X509Certificates.X509Certificate certificate,
           System.Security.Cryptography.X509Certificates.X509Chain chain,
           System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }
#endif // DEBUG

score 0 · Answer 5 · answered Mar 13 '13 at 13:10

I am using this one... just have it a try :

//As given in the url to handle invalid SSL : http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

                ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertificatePolicy.CheckValidationResult);

score 0 · Answer 6 · answered Apr 01 '15 at 17:32

Pretty much the same as the above answers, just passing the callback as a delegate. You can give it a try, might work for you -

ServicePointManager.ServerCertificateValidationCallback = delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

Ignoring invalid SSL certificate

6 Answers6