httpclient-interception icon indicating copy to clipboard operation
httpclient-interception copied to clipboard

Published 20 hours ago verified publisher icon justeattakeaway

Fix remote certificate is invalid for https

Open kiquenet opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe.

How-to fix System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch ?

Describe the solution you'd like

https://stackoverflow.com/questions/72211623/how-to-fix-remote-certificate-is-invalid-according-to-the-validation-procedure https://stackoverflow.com/questions/9983265/the-remote-certificate-is-invalid-according-to-the-validation-procedure ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

Describe alternatives you've considered

ForHttpsIgnoreCertificate method

Additional context

kiquenet avatar Sep 22 '22 11:09 kiquenet

Requests successfully intercepted by the library will never interact with the HTTPS/TLS stack, so isn't a direct concern of this library.

If you never want a real HTTP request to be made, then set ThrowOnMissingRegistration to true:

https://github.com/justeat/httpclient-interception/blob/3585f27d60a16f432f73626150f02264d647b4cd/src/HttpClientInterception/HttpClientInterceptorOptions.cs#L68-L71

You would then just need to add the missing registrations to intercept the relevant requests causing the exceptions.

If you do want real requests to be made if an interception isn't registered, then the standard way to do with with HttpClient is to provide a custom handler and disable certification validation:

var handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

var httpClient = new HttpClient(handler);

In the above scenario, then you will need to compose the handler from CreateHttpMessageHandler() with that handler so that the interception is in the HTTP pipeline.

Using IHttpClientFactory (as described here) makes this easier. There is an example of this approach in the sample application.

martincostello avatar Sep 22 '22 11:09 martincostello

Fails for me using this code:

AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

 var builder = new HttpRequestInterceptionBuilder()
                .ForHost(Host)
                .ForPath("/api/v1/getEnvironment")
                .ForHttps()
                .ForMethod(HttpMethod.Get)
                .WithJsonContent(new { });
            var options = new HttpClientInterceptorOptions().Register(builder);
            var client = options.CreateHttpClient(new Uri(Uri));

I try this:

 var builder = new HttpRequestInterceptionBuilder()
                .ForHost(Host)
                .ForPath("/api/v1/getEnvironment")
                .ForHttps()
                .ForMethod(HttpMethod.Get)
                .WithJsonContent(new { });
            var options = new HttpClientInterceptorOptions().Register(builder);
            options.ThrowOnMissingRegistration = true;
            var client = options.CreateHttpClient(new Uri(Uri));

and I get

JustEat.HttpClientInterception.HttpRequestNotInterceptedException: No HTTP response is configured for GET https://sql-pre:60011/obtenerEntornoDirectorioActivo.

kiquenet avatar Sep 22 '22 13:09 kiquenet

That's expected behaviour - you've configured a response for GET https://{Host}/api/v1/getEnvironment and nothing for GET https://sql-pre:60011/obtenerEntornoDirectorioActivo.

You need to set up something to respond to the request for that HTTP GET.

martincostello avatar Sep 22 '22 14:09 martincostello