cnblogs / EnyimMemcachedCore

.NET Memcached client. Available on https://www.nuget.org/packages/EnyimMemcachedCore
Apache License 2.0

Allow to provide SslClientAuthenticationOptions when leveraging SslStream #213

Closed asaintsever closed 8 months ago

asaintsever commented 8 months ago

It is currently not possible to tune the SSL client authentication options when connecting to a Memcached server with SSL in place.

One of my needs is to be able to provide custom certificate validation callbacks to the pooled socket object so that I can ignore certificate errors during some local tests for example (it is particularly the case when you want to connect to an Amazon ElastiCache for Memcached SSL cluster from your local machine through an SSH tunnel: you'll get errors because localhost does not match the hostname defined in the server certificate).

This PR introduces a new SslClientAuth property in the MemcachedClientOptions class so that you can define such aspects.

Example of configuration with a callback to ignore certificate validation issues:

```csharp
IOptions<MemcachedClientOptions> optionsAccessor = Options.Create(new MemcachedClientOptions
{
    UseSslStream = true,
    SslClientAuth = new SslClientAuthenticationOptions
    {
        TargetHost = "localhost",
        // Returning true accepts every server certificate, whatever errors were reported.
        RemoteCertificateValidationCallback = new RemoteCertificateValidationCallback(
            (sender, certificate, chain, sslPolicyErrors) => true),
    },
    // ...
});
```

Properties supported by the SslClientAuthenticationOptions class are documented here: https://learn.microsoft.com/en-us/dotnet/api/system.net.security.sslclientauthenticationoptions?view=net-8.0#properties
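An added example, not part of the PR or of the project's code: a narrower callback for the SSH-tunnel case described above, which tolerates only the hostname mismatch and still requires a trusted chain and a certificate issued for the expected server name. The class name `TunnelTls` and the `ExpectedHost` value are hypothetical placeholders, and `X509Certificate2.MatchesHostname` assumes .NET 7 or later.

```csharp
#nullable enable
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class TunnelTls
{
    // Placeholder (assumption): the DNS name the server certificate is issued for.
    private const string ExpectedHost = "memcached.example.internal";

    // Accepts the certificate when validation reported no errors, or when the
    // ONLY error is the name mismatch caused by dialing "localhost" and the
    // certificate still matches ExpectedHost. Chain errors, a missing
    // certificate, or a certificate for another name are rejected.
    public static bool Validate(object sender, X509Certificate? certificate,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // SslPolicyErrors is a flags enum: an exact comparison rejects any
        // combination that also contains chain errors or a missing certificate.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch)
            return false;

        if (certificate is null)
            return false;

        using var cert = new X509Certificate2(certificate);
        return cert.MatchesHostname(ExpectedHost);
    }

    // Options object to assign to the SslClientAuth property shown in the
    // configuration above.
    public static SslClientAuthenticationOptions Build() => new()
    {
        TargetHost = "localhost",
        RemoteCertificateValidationCallback = Validate,
    };
}
```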

cnblogs-dudu commented 8 months ago

EnyimMemcachedCore 3.1.0 has been released for this PR.