Using SslStream to make an ALPN connection - confusion over parameters to use. #1361
Description
I've updated to the .NET Core 2.1 preview in order to make an SSL connection. Our server requires an ALPN negotiation to occur. As I understand it, the preview is the first version of .NET Core to support ALPN.
Here is essentially what I'm doing:
TcpClient tcpClient = new TcpClient();
tcpClient.Connect(ProxyClient.TestUbuntuHost, ProxyClient.TestUbuntuPort);
var stream = tcpClient.GetStream();
SslStream sslStream = new SslStream(stream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate));
X509Certificate2 certificate = new X509Certificate2(@"<a filename provided>);
X509Certificate2Collection certColl = new X509Certificate2Collection(certificate);
sslStream.AuthenticateAsClient(
ProxyClient.TestUbuntuHost,
certColl,
SslProtocols.Tls11 | SslProtocols.Tls12, false);
The ValidateServerCertificate looks like this:
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
I get this error: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. whether or not I pass that 3rd param to the SslStream constructor.
Can you shed some light on whether I need to do something else to enforce the ALPN negotiation?
Thanks,
Bob