MQTTnet
Use MqttClientDefaultCertificateValidationHandler.Handle() by default
Describe the feature request
For diagnostic purposes we use the CertificateValidationHandler callback. We don't actually do certificate validation there but only log diagnostic information. After that we would like to defer certificate validation to the default implementation of MQTTnet.
There exists a so-called DefaultCertificateValidationHandler as MqttClientDefaultCertificateValidationHandler.Handle(), but it isn't used by MQTTnet (to the best of my knowledge).
The actual default implementation resides in MqttTcpChannel.InternalUserCertificateValidationCallback(), so we're not able to daisy-chain the default implementation to our callback function.
Which project is your feature request related to?
- Client
- ManagedClient
Describe the solution you'd like
A default implementation for DefaultCertificateValidationHandler that will be used if no CertificateValidationHandler callback has been set. The default implementation should be public so user code can call it before or after doing custom stuff.
Describe alternatives you've considered
Copying the validation code from InternalUserCertificateValidationCallback() - not very elegant and needs to be synchronized if MQTTnet changes.
Additional context
#1447
I attached a branch to this ticket. Please check it out and let me know if it now works as you expected.
Thanks! Will report back as soon as I have the info.
Also just got hit by this when upgrading. For anyone else landing here, until this is fixed, you can set it yourself like this in the TLS setup options:
```csharp
// Temporary fix for https://github.com/dotnet/MQTTnet/issues/1547
var tlsOptions = new MqttClientOptionsBuilderTlsParameters
{
    UseTls = _brokerSettings.BrokerUseTls,
    // ...
    CertificateValidationHandler = MqttClientDefaultCertificateValidationHandler.Handle
};
```
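The daisy-chaining asked for in the feature request, as an added example that is not part of the original thread or of MQTTnet itself: a callback that only logs what the broker presented and then returns the default handler's verdict unchanged. It assumes an MQTTnet 4.x build in which `MqttClientDefaultCertificateValidationHandler.Handle` is public and the event args expose `Certificate`, `Chain` and `SslPolicyErrors`; the class and method names `DiagnosticCertificateValidation` and `LogThenDefault` are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using MQTTnet.Client;

// Hypothetical helper (not MQTTnet code): diagnostics only, no trust decision of its own.
public static class DiagnosticCertificateValidation
{
    public static bool LogThenDefault(MqttClientCertificateValidationEventArgs args)
    {
        // The broker certificate can be null if none was presented.
        if (args.Certificate != null)
        {
            using var cert = new X509Certificate2(args.Certificate);
            Console.WriteLine(
                $"TLS peer subject={cert.Subject} issuer={cert.Issuer} " +
                $"thumbprint={cert.Thumbprint} notAfter={cert.NotAfter:u}");
        }

        Console.WriteLine($"TLS policy errors: {args.SslPolicyErrors}");

        // Per-element chain problems (untrusted root, expired, revocation unknown, ...).
        if (args.Chain != null)
        {
            foreach (var status in args.Chain.ChainStatus)
            {
                Console.WriteLine(
                    $"TLS chain status: {status.Status} {status.StatusInformation?.Trim()}");
            }
        }

        // Defer the decision to the library default so that adding logging
        // can never turn a rejected certificate into an accepted one.
        var accepted = MqttClientDefaultCertificateValidationHandler.Handle(args);
        Console.WriteLine($"TLS default validation result: {(accepted ? "accepted" : "rejected")}");
        return accepted;
    }
}

// Wiring, using the same property as the workaround above:
// CertificateValidationHandler = DiagnosticCertificateValidation.LogThenDefault
```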