diff --git a/Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs b/Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs
index 85d9d87..0ca1b5d 100644
--- a/Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs
+++ b/Frameworks/MQTTnet.NetFramework/Implementations/MqttTcpChannel.cs
@@ -37,6 +37,7 @@ namespace MQTTnet.Implementations
 {
 _socket = socket ?? throw new ArgumentNullException(nameof(socket));
 _sslStream = sslStream;
+ CreateStreams(socket, sslStream);
 }
@@ -55,8 +56,7 @@ namespace MQTTnet.Implementations
 if (_options.TlsOptions.UseTls)
 {
- _sslStream = new SslStream(new NetworkStream(_socket, true));
-
+ _sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
 await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
 }
@@ -97,6 +97,16 @@ namespace MQTTnet.Implementations
 ReceiveStream = new BufferedStream(RawReceiveStream, BufferSize);
 }
+ private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+ if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
+ {
+ return _options.TlsOptions.IgnoreCertificateChainErrors;
+ }
+
+ return false;
+ }
+
 private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
 {
 var certificates = new X509CertificateCollection();
diff --git a/Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs b/Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs
index fd28348..aa91b12 100644
--- a/Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs
+++ b/Frameworks/MQTTnet.NetStandard/Implementations/MqttTcpChannel.cs
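Review bot: UserCertificateValidationCallback in the NetFramework `@@ -97,6 +97,16 @@` hunk returns false when sslPolicyErrors is SslPolicyErrors.None, so a broker certificate that passed validation is rejected and AuthenticateAsClientAsync fails; the only certificates the callback ever accepts are ones with chain errors while IgnoreCertificateChainErrors is set. The identical method is added in the NetStandard MqttTcpChannel hunk `@@ -76,6 +76,16 @@` and needs the same fix. The opt-in branch is also too broad: sslPolicyErrors is a flags value, and the bit test returns true even when RemoteCertificateNameMismatch or RemoteCertificateNotAvailable is set alongside the chain error, so a certificate issued for a different host is accepted whenever chain errors are ignored. Accept None unconditionally and tolerate the chain-error bit only when it is the sole error, as below.
```csharp
        private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            // A certificate that passed the platform's validation is always accepted.
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }

            // Only a bare chain error may be tolerated, and only when the caller opted in.
            // A name mismatch or missing certificate is rejected even with the option set,
            // because that bit would otherwise be masked by the chain error.
            return _options.TlsOptions.IgnoreCertificateChainErrors
                && sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors;
        }
```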
@@ -51,7 +51,7 @@ namespace MQTTnet.Implementations
 if (_options.TlsOptions.UseTls)
 {
- _sslStream = new SslStream(new NetworkStream(_socket, true));
+ _sslStream = new SslStream(new NetworkStream(_socket, true), false, UserCertificateValidationCallback);
 ReceiveStream = _sslStream;
 await _sslStream.AuthenticateAsClientAsync(_options.Server, LoadCertificates(_options), SslProtocols.Tls12, _options.TlsOptions.CheckCertificateRevocation).ConfigureAwait(false);
 }
@@ -76,6 +76,16 @@ namespace MQTTnet.Implementations
 _sslStream = null;
 }
+ private bool UserCertificateValidationCallback(object sender, X509Certificate x509Certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+ {
+ if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
+ {
+ return _options.TlsOptions.IgnoreCertificateChainErrors;
+ }
+
+ return false;
+ }
+
 private static X509CertificateCollection LoadCertificates(MqttClientOptions options)
 {
 var certificates = new X509CertificateCollection();
diff --git a/Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs b/Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs
index 975928e..c7501f0 100644
--- a/Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs
+++ b/Frameworks/MQTTnet.UniversalWindows/Implementations/MqttTcpChannel.cs
@@ -24,6 +24,7 @@ namespace MQTTnet.Implementations
 public MqttTcpChannel(StreamSocket socket)
 {
 _socket = socket ?? throw new ArgumentNullException(nameof(socket));
+ CreateStreams();
 }
@@ -48,8 +49,13 @@ namespace MQTTnet.Implementations
 if (!_options.TlsOptions.CheckCertificateRevocation)
 {
- _socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
 _socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.RevocationInformationMissing);
+ _socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.Revoked);
+ }
+
+ if (_options.TlsOptions.IgnoreCertificateChainErrors)
+ {
+ _socket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.IncompleteChain);
 }
 await _socket.ConnectAsync(new HostName(_options.Server), _options.GetPort().ToString(), SocketProtectionLevel.Tls12);
diff --git a/Images/Logo_128x128.png b/Images/Logo_128x128.png
index 5b88e13..a528d7c 100644
Binary files a/Images/Logo_128x128.png and b/Images/Logo_128x128.png differ
diff --git a/MQTTnet.Core/Client/MqttClientTlsOptions.cs b/MQTTnet.Core/Client/MqttClientTlsOptions.cs
index 6a7b9cf..a5595d2 100644
--- a/MQTTnet.Core/Client/MqttClientTlsOptions.cs
+++ b/MQTTnet.Core/Client/MqttClientTlsOptions.cs
@@ -8,6 +8,8 @@ namespace MQTTnet.Core.Client
 public bool CheckCertificateRevocation { get; set; }
+ public bool IgnoreCertificateChainErrors { get; set; }
+
 public List Certificates { get; set; }
 }
 }
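Review bot: IgnoreCertificateChainErrors means something narrower in the UniversalWindows `@@ -48,8 +49,13 @@` hunk than in the .NET implementations of the same commit: here it whitelists only ChainValidationResult.IncompleteChain, while the SslStream callback in the NetFramework and NetStandard files tolerates every condition folded into SslPolicyErrors.RemoteCertificateChainErrors (untrusted root, expired certificate and so on). A self-signed broker certificate, the usual reason to set the option, is most likely reported by StreamSocket as ChainValidationResult.Untrusted rather than IncompleteChain, so on this target the option probably does not cover that case; either document the narrower meaning on the option or align the set of ignored results across targets. Separately, adding ChainValidationResult.Revoked to the ignorable errors when CheckCertificateRevocation is false accepts a certificate the platform has positively determined to be revoked, which goes beyond skipping the lookup that RevocationInformationMissing already covers; if that is intended, state it on that line with `// CheckCertificateRevocation == false also accepts certificates the platform reports as revoked, not just ones it could not check`. The enclosing ConnectAsync method starts before this hunk.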
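Review bot: The new IgnoreCertificateChainErrors property in the MqttClientTlsOptions `@@ -8,6 +8,8 @@` hunk disables trust-chain validation of the broker certificate yet carries no documentation, so a caller reading the options class sees it as a harmless tuning flag. Add above the property `/// <summary>When true, accepts a broker certificate whose chain cannot be validated (self-signed or private CA). This disables trust-anchor verification for the connection; leave false unless the broker certificate is verified by other means.</summary>`. The enclosing class starts outside the hunk.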