alexrainman / ModernHttpClient

ModernHttpClient
MIT License

custom validation of self-signed cert #55

Closed tele-bird closed 4 years ago

tele-bird commented 4 years ago

For connecting to our IoT device's SSL endpoint, we need to use a self-signed certificate, and we want to validate its MD5 and SHA1 hash strings like this:

    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    public static class HttpsValidation
    {
        public static void Initialize()
        {
            // Both settings are process-wide: they apply to every request made through ServicePointManager.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            ServicePointManager.ServerCertificateValidationCallback = OnValidateCertificate;
        }

        // Accepts the connection only when both fingerprints of the presented certificate match the expected values.
        static bool OnValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            string md5Hash = certificate.GetCertHashString(System.Security.Cryptography.HashAlgorithmName.MD5);
            string sha1Hash = certificate.GetCertHashString(System.Security.Cryptography.HashAlgorithmName.SHA1);
            return md5Hash == "myMD5hash" && sha1Hash == "mySHA1hash";
        }
    }

However, with modernhttpclient-updated, I only see ways to validate the public keys, and I can't customize the validation. Is it not possible?
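A handler-scoped variant of the fingerprint check above, as an added example that is not part of the original thread and does not use ModernHttpClient's API: it relies on the stock .NET `HttpClientHandler`, so the pin applies to one client and one host instead of the whole process. The host name and fingerprint are placeholders, and SHA-256 is swapped in for the MD5/SHA1 pair as an assumption.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedDeviceClient
{
    // Placeholders (assumptions): the device's host name and the SHA-256
    // fingerprint of its self-signed certificate, as hex without separators.
    const string DeviceHost = "device.example";
    const string ExpectedSha256 = "<SHA-256 fingerprint of the device certificate>";

    public static HttpClient Create()
    {
        var handler = new HttpClientHandler
        {
            // Only requests sent through this handler use the custom check;
            // other HttpClient instances keep the default validation.
            ServerCertificateCustomValidationCallback = Validate
        };
        return new HttpClient(handler);
    }

    public static bool Validate(HttpRequestMessage request, X509Certificate2 cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null) return false;

        string host = request?.RequestUri?.Host;
        if (string.Equals(host, DeviceHost, StringComparison.OrdinalIgnoreCase))
        {
            // Self-signed device certificate: chain errors are expected here,
            // so trust rests entirely on the exact fingerprint match.
            string actual = cert.GetCertHashString(HashAlgorithmName.SHA256);
            return string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase);
        }

        // Any other host must pass ordinary chain and name validation.
        return errors == SslPolicyErrors.None;
    }
}
```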

alexrainman commented 4 years ago

I just released a new version yesterday but this is not supported yet. I will have to take a look into it.

alexrainman commented 4 years ago

Done in version 3.4.1

tele-bird commented 4 years ago

Great, thank you! How do I set up custom validation? I don't see any mention of it in README.md

alexrainman commented 4 years ago

You don’t. Just pass the public keys in the format of your preference and it will work.

tele-bird commented 4 years ago

Ok, so we want to validate both MD5 and SHA1, as in the code snippet I provided. Is there a way to pass both formats, and have it check that MD5 equals cert1 and SHA1 equals cert2?

alexrainman commented 4 years ago

Pass both of them for the domain associated with the certificate.