Skip to content

Commit

Permalink
allow checking for multiple issuers.
Browse files Browse the repository at this point in the history
  • Loading branch information
@jeffj6123
jeffj6123 committed Jun 16, 2022
1 parent 83d04d7 commit 3bf02ad
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions src/Microsoft.ServiceFabric.Client/ServerCertificateValidator.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,11 +155,11 @@ private bool ValidateServerCertificateX509Name(X509Certificate2 cert, X509Chain

private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedIssuerThumbprint)
{
var issuers = expectedIssuerThumbprint.ToLower().Split(',');
// SelfSigned cert matches with index 0, CA signed matches with index 1.
var thumbprint = chain.ChainElements[0].Certificate.Thumbprint;
var thumbprint = chain.ChainElements[0].Certificate.Thumbprint.ToLower();

if (thumbprint != null &&
thumbprint.Equals(expectedIssuerThumbprint, StringComparison.OrdinalIgnoreCase))
if (thumbprint != null && issuers.Contains(thumbprint))
{
return true;
}
Expand All @@ -170,10 +170,9 @@ private bool IsServerCertIssuerThumbprintValid(X509Chain chain, string expectedI
return false;
}

thumbprint = chain.ChainElements[1].Certificate.Thumbprint;
thumbprint = chain.ChainElements[1].Certificate.Thumbprint.ToLower();

return thumbprint != null &&
thumbprint.Equals(expectedIssuerThumbprint, StringComparison.OrdinalIgnoreCase);
return thumbprint != null && issuers.Contains(thumbprint);
}

/// <summary>
Expand Down

0 comments on commit 3bf02ad

Please sign in to comment.