Code examples for the App security: SSL and certificate pinning blogpost

00_Blog - App security: SSL and certificate pinning

...

01_ServiceCertificateCallBack.cs

ServicePointManager.ServerCertificateValidationCallback += 
  (sender, certificate, chain, sslPolicyErrors) => {
  // ...
}

02_PinToLeaf.cs

// validkeys should be a list of strings containing the trusted public keys
ServicePointManager.ServerCertificateValidationCallback += 
  (sender, certificate, chain, sslPolicyErrors) => {
  return validkeys.Contains(certificate?.GetPublicKeyString());
}

03_PinToIntermediate.cs

ServicePointManager.ServerCertificateValidationCallback += 
  (sender, certificate, chain, sslPolicyErrors) => {
  if (certificate == null)
  {
    return false;
  }

  foreach (var cert in chain.ChainPolicy.ExtraStore)
  {
    if (cert.Subject == certificate?.Issuer)
    {
      return validkeys.Contains(cert.GetPublicKeyString());
    }
  }
  
  return false;
}

04_DisableChecks_DO_NOT_USE.cs

ServicePointManager.ServerCertificateValidationCallback += 
  (sender, certificate, chain, sslPolicyErrors) => {
  return false; // this effectively disables all certificate checks, never use this approach in production code!
}