
CertificateValidationCallback not called for websocket client

Open andnig opened this issue 5 years ago • 8 comments

Hi,

first of all, thanks for the great project. I have just one problem: When using your websocket managed client, the CertificateValidationCallback seems not to be called. However, if I use the TCP client, anything works as expected. Any hints what I'm doing

```csharp
mqttInternalClientOptions = mqttInternalClientOptions
    .WithTls(new MqttClientOptionsBuilderTlsParameters()
    {
        SslProtocol = sslVersion,
        UseTls = true,
        AllowUntrustedCertificates = false,
        Certificates = new List<byte[]> { certBinary },
        CertificateValidationCallback = (certificate, chain, sslPolicyErrors, arg4) =>
        {
            // some magic here
            return isValid;
        },
    })
    .WithProtocolVersion(mqttVersion)
    .WithCleanSession()
    .WithClientId(this.clientId);

this.mqttClientOptions = new ManagedMqttClientOptionsBuilder()
    .WithAutoReconnectDelay(TimeSpan.FromSeconds(timeoutdelay))
    .WithMaxPendingMessages(this.mqttConfiguration.MaxReconnectBuffer)
    .WithPendingMessagesOverflowStrategy(this.mqttConfiguration.DropOldestIfOverflow
        ? MqttPendingMessagesOverflowStrategy.DropOldestQueuedMessage
        : MqttPendingMessagesOverflowStrategy.DropNewMessage)
    .WithStorage(clientRetainedMessageHandler)
    .WithClientOptions(mqttInternalClientOptions.Build())
    .Build();
```
 

Thanks in advance for any input!

andnig avatar Jun 17 '19 07:06 andnig

Ok, I can answer my own question. ClientWebsocket for netstandard2.0 does not provide CertificateValidationCallback. Had to upgrade the lib to netcoreapp2.1 to get it done.

andnig avatar Jun 18 '19 16:06 andnig

I'd like to reopen this issue, as the ClientWebsocketOptions for .netstandard2.1 now provides support for setting RemoteCertificateValidationCallback. Any chance you guys can add this to the MqttWebsocketChannel.cs as soon as you upgrade to .netstandard2.1?

https://docs.microsoft.com/en-us/dotnet/api/system.net.websockets.clientwebsocketoptions.remotecertificatevalidationcallback?view=netcore-3.1

In the ConnectAsync-Method, something like the following would enable this new feature.

```csharp
if (_options.TlsOptions?.UseTls == true)
{
    clientWebSocket.Options.RemoteCertificateValidationCallback =
        new System.Net.Security.RemoteCertificateValidationCallback((a, b, c, d) =>
        {
            return _options.TlsOptions.CertificateValidationCallback(b, c, d, null);
        });
}
```

andnig avatar Dec 27 '19 10:12 andnig
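
Added example (not MQTTnet's code and not code posted by anyone in this thread): a validator with the `RemoteCertificateValidationCallback` signature that pins the broker certificate, fails closed, and counts its invocations, so a callback that is silently never called (the netstandard2.0 behaviour reported above) is detected instead of going unnoticed. The class and method names and the two self-signed sample certificates are assumptions constructed for illustration.

```csharp
using System;
using System.Net.Security;
using System.Net.WebSockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

public sealed class PinnedCertificateValidator   // hypothetical helper, not part of MQTTnet
{
    private readonly byte[] _pinnedSha256;       // SHA-256 over the expected certificate (DER)
    private int _calls;

    public PinnedCertificateValidator(byte[] pinnedDer) => _pinnedSha256 = Hash(pinnedDer);
    public int Calls => Volatile.Read(ref _calls);

    // Same signature as System.Net.Security.RemoteCertificateValidationCallback.
    public bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Interlocked.Increment(ref _calls);
        if (cert == null || errors != SslPolicyErrors.None) return false;   // fail closed
        return CryptographicOperations.FixedTimeEquals(Hash(cert.GetRawCertData()), _pinnedSha256);
    }

    // Needs a target where ClientWebSocketOptions exposes the callback (.NET Core 2.1+ / netstandard2.1).
    public void Attach(ClientWebSocket socket) => socket.Options.RemoteCertificateValidationCallback = Validate;

    // Call after a successful wss:// connect: zero calls means the callback was ignored.
    public void EnsureInvoked()
    {
        if (Calls == 0) throw new InvalidOperationException("TLS validation callback was never invoked.");
    }

    private static byte[] Hash(byte[] data) { using (var sha = SHA256.Create()) return sha.ComputeHash(data); }
}

public static class Demo
{
    private static X509Certificate2 SelfSigned(string cn)   // constructed sample certificate
    {
        using (var key = RSA.Create(2048))
            return new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    public static void Main()
    {
        var broker = SelfSigned("broker.example.test");
        var other = SelfSigned("other.example.test");
        var v = new PinnedCertificateValidator(broker.RawData);
        Console.WriteLine(v.Validate(null, broker, null, SslPolicyErrors.None));   // pinned certificate
        Console.WriteLine(v.Validate(null, other, null, SslPolicyErrors.None));    // different certificate
        Console.WriteLine(v.Validate(null, broker, null, SslPolicyErrors.RemoteCertificateNameMismatch));
        using (var ws = new ClientWebSocket()) v.Attach(ws);   // wiring only; no connection is made
    }
}
```

In a real client, `EnsureInvoked()` would run right after the WebSocket connect succeeds, and the connection would be dropped if it throws.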

Hey guys, any chance you are adding netstandard2.1 and allowing us to somehow access RemoteCertificateValidationCallback in the ClientWebsocketOptions?

andnig avatar Apr 11 '20 07:04 andnig

Hi, I added support for this in the master branch. It will be released with 3.0.10. Please let me know if this works for you. It requires using the new validation handler. The validation callback will be removed in the future.

chkr1011 avatar Apr 18 '20 11:04 chkr1011

Hey, thanks for that. Seems to work for me 👍 Looking forward to the release and thanks for your great work!

andnig avatar Apr 18 '20 13:04 andnig

Hey @chkr1011 Do you have a rough schedule for the release of current master branch? I have to think whether I fork the project now and create a private nuget or whether I can wait for your release.

Thanks for the update :-)

andnig avatar Apr 27 '20 09:04 andnig

I can give you a beta build within the next couple of days.

chkr1011 avatar Apr 27 '20 09:04 chkr1011

That would be great. Thanks a lot 👍

andnig avatar Apr 27 '20 10:04 andnig