feat: Add callback function for handling the SSL Certificate Validation

CHANGELOG.md

@@ -3,6 +3,7 @@
 ### Features
 1. [#319](https://github.com/influxdata/influxdb-client-csharp/pull/319): Optionally align `limit()` and `tail()` before `pivot()` function [LINQ]
 1. [#322](https://github.com/influxdata/influxdb-client-csharp/pull/322): Possibility to specify default value for `start` and `stop` parameter of range function [LINQ]
+1. [#323](https://github.com/influxdata/influxdb-client-csharp/pull/323): Add callback function for handling the SSL Certificate Validation
 
 ### Breaking Changes
 1. [#316](https://github.com/influxdata/influxdb-client-csharp/pull/316): Rename `InvocableScripts` to `InvokableScripts`

Client.Test/InfluxDbClientTest.cs

@@ -1,4 +1,3 @@
-using System;
 using System.Diagnostics;
 using System.IO;
 using System.Linq;
@@ -369,5 +368,30 @@ public async Task VersionIsNotCaseSensitive()
 
             Assert.AreEqual("2.0.0", await _client.VersionAsync());
         }
+
+        [Test]
+        public async Task CustomCertificateValidationCallback()
+        {
+            using var mockServerSsl = WireMockServer.Start(new WireMockServerSettings
+            {
+                UseSSL = true
+            });
+
+            var reached = false;
+
+            _client.Dispose();
+            _client = InfluxDBClientFactory.Create(new InfluxDBClientOptions.Builder()
+                .Url(mockServerSsl.Urls[0])
+                .RemoteCertificateValidationCallback((sender, certificate, chain, errors) => reached = true)
+                .Build());
+
+            mockServerSsl.Given(Request.Create().WithPath("/ping").UsingGet())
+                .RespondWith(Response.Create().WithStatusCode(204)
+                    .WithHeader("x-influxdb-version", "2.0.0"));
+
+            await _client.VersionAsync();
+
+            Assert.IsTrue(reached);
+        }
     }
 }

Client/InfluxDBClientOptions.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Configuration;
 using System.Net;
+using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
 using System.Web;
@@ -42,6 +43,8 @@ public class InfluxDBClientOptions
 
         public bool VerifySsl { get; }
 
+        public RemoteCertificateValidationCallback VerifySslCallback { get; }
+
         public X509CertificateCollection ClientCertificates { get; }
 
         private InfluxDBClientOptions(Builder builder)
@@ -66,6 +69,7 @@ private InfluxDBClientOptions(Builder builder)
             PointSettings = builder.PointSettings;
 
             VerifySsl = builder.VerifySslCertificates;
+            VerifySslCallback = builder.VerifySslCallback;
             ClientCertificates = builder.CertificateCollection;
         }
 
@@ -110,6 +114,7 @@ public sealed class Builder
             internal IWebProxy WebProxy;
             internal bool AllowHttpRedirects;
             internal bool VerifySslCertificates = true;
+            internal RemoteCertificateValidationCallback VerifySslCallback;
             internal X509CertificateCollection CertificateCollection;
 
             internal PointSettings PointSettings = new PointSettings();
@@ -283,7 +288,7 @@ public Builder AllowRedirects(bool allowHttpRedirects)
             }
 
             /// <summary>
-            /// Ignore Certificate Validation Errors when false
+            /// Ignore Certificate Validation Errors when `false`.
             /// </summary>
             /// <param name="verifySsl">validates Certificates</param>
             /// <returns><see cref="Builder"/></returns>
@@ -296,6 +301,19 @@ public Builder VerifySsl(bool verifySsl)
                 return this;
             }
 
+            /// <summary>
+            /// Callback function for handling the remote SSL Certificate Validation.
+            /// The callback takes precedence over `VerifySsl`. 
+            /// </summary>
+            /// <param name="callback"></param>
+            /// <returns></returns>
+            public Builder RemoteCertificateValidationCallback(RemoteCertificateValidationCallback callback)
+            {
+                VerifySslCallback = callback;
+
+                return this;
+            }
+
             /// <summary>
             /// Set X509CertificateCollection to be sent with HTTP requests
             /// </summary>

Client/Internal/ApiClient.cs

@@ -47,6 +47,11 @@ public ApiClient(InfluxDBClientOptions options, LoggingHandler loggingHandler, G
                     (sender, certificate, chain, sslPolicyErrors) => true;
             }
 
+            if (options.VerifySslCallback != null)
+            {
+                RestClientOptions.RemoteCertificateValidationCallback = options.VerifySslCallback;
+            }
+
             if (options.ClientCertificates != null)
             {
                 RestClientOptions.ClientCertificates ??= new X509CertificateCollection();

Scripts/ci-test.sh

@@ -47,6 +47,11 @@ then
   TRX2JUNIT_VERSION="1.6.0"
 fi
 
+#
+# Generate testing certificates
+#
+dotnet dev-certs https
+
 #
 # Install testing tools
 #