Hi Jmh,
Thanks for your response.
AS for the try... catch... block ,where do you put them? If you just put
them around your webClient processing code, I don't think it will provide
any useful info since any error occur when validting the Server Certificate
fail will result a System.Net.WebException which only indicate that the
underlying connection fail to establish.
So we need to put our Custom CertificatePolicy class and put our
interception code in the
public bool CheckValidationResult(ServicePoint sp,
X509Certificate cert,WebRequest req, int problem)
{
method. The "int problem" is just the error code indicate what's the
actual error that occurs. Following is the error code---error info mapping
table:
public enum CertificateProblem : long
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
you can also find it in the MSDN document I mentioned in the previous
message:
#ICertificatePolicy Interface
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemneticertificat
epolicyclasstopic.asp?frame=true
If anything else unclear, please feel free to post here. Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)