Bug in MqttTcpChannel (.NET Framework/NetStandard1.3) about mqttnet HOT 6 CLOSED

Hi,
yes I know that global solution from regular .NET framework.
In general there is a dedicated object for Tls options for this in the MQTT client.
In my opinion there should be a new boolean value which allows ignoring self signed certificates. Something similar is already there for revoked certificates. Maybe this can be reused or already works for your case!?
Then the implementations should inspect the options and add a handler in the SslStream etc. so that there is no new factory required and the user can set it with a simple option.

What do you think about this solution?

Best regards
Christian

from mqttnet.

I don't think a simple Boolean property would be sufficient. There isn't a specific property on a Self-Signed cert identifying it as such. A Func<,,,> matching the signature of the delegate could be exposed as a property. This would allow the developer full control over what certificates to accept/reject.

I think something alone these lines would work for my specific use case. I guess what I was also trying to resolve is the need to always have a property for each setting that should be mapped back. At some point if the needed functionality deviates from the standard design the developer would be better off constructing the SSL stream externally.

The public MqttTcpChannel(Socket socket, SslStream sslStream) signature indicates this is possible, alas the SslStream property is always overwritten by an internal call during ConnectAsync(), making it unsuitable for Client communications.

from mqttnet.

I agree but the Func you mentioned must be sufficient for all frameworks. I saw that core has different properties than the classic .NET stuff. If you provide such a function the implementation must map this function to the used stream which might be not possible because UWP don't has this function. It only has several enum which are describing what certificate status can be ignored. So a Func will not make sense in my opinion. A boolean is easier for that. What do you think about this?

Best regards
Christian

from mqttnet.

Please have a look at the develop branch. I added several TLS options regarding certificate validation. Please let me know if this fits your needs.

from mqttnet.

Looks like it should work fine for my needs. I will take the updated package a run a few tests.

from mqttnet.

I also added a callback mechanism for dealing with complex certificate validations. It is described in the wiki. I will close this ticket. Please let me know it you need more features to deal with certificates.

Best regards
Christian

from mqttnet.