
Commit 63d94c8

authored
Certificates: don't ignore chain; better logging (#269)
1 parent edf743b commit 63d94c8


1 file changed

+18
-3
lines changed


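--- a/Source/HiveMQtt/Client/Transport/TCPTransport.cs
+++ b/Source/HiveMQtt/Client/Transport/TCPTransport.cs
@@ -16,6 +16,8 @@
 namespace HiveMQtt.Client.Transport;
 
 using System.IO.Pipelines;
+using System.Globalization;
+using System.Linq;
 using System.Net;
 using System.Net.Security;
 using System.Net.Sockets;
@@ -78,10 +80,8 @@ internal static bool ValidateServerCertificate(
 X509Chain? chain,
 SslPolicyErrors sslPolicyErrors)
 {
-// Ignore the unused parameters
+// Ignore the sender parameter
 _ = sender;
-_ = certificate;
-_ = chain;
 
 if (sslPolicyErrors == SslPolicyErrors.None)
 {
@@ -90,6 +90,21 @@ internal static bool ValidateServerCertificate(
 
 Logger.Warn("Broker TLS Certificate error: {0}", sslPolicyErrors);
 
+// Log additional certificate details for debugging
+if (certificate != null)
+{
+Logger.Debug(CultureInfo.InvariantCulture, "Certificate Subject: {0}", certificate.Subject);
+Logger.Debug(CultureInfo.InvariantCulture, "Certificate Issuer: {0}", certificate.Issuer);
+Logger.Debug(CultureInfo.InvariantCulture, "Certificate Serial Number: {0}", certificate.GetSerialNumberString());
+}
+
+// Validate certificate chain if provided
+if (chain != null)
+{
+var chainStatus = chain.ChainStatus.Length > 0 ? string.Join(", ", chain.ChainStatus.Select(cs => cs.Status)) : "Valid";
+Logger.Debug(CultureInfo.InvariantCulture, "Certificate chain validation status: {0}", chainStatus);
+}
+
 // Do not allow this client to communicate with unauthenticated servers.
 return false;
 }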
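Review bot: The comment `// Validate certificate chain if provided` in the last hunk overstates what the block does: it only formats `chain.ChainStatus` for a debug log, and the method still returns false for any `sslPolicyErrors` other than `None`, whatever the chain holds. I would reword it to `// Log chain status for diagnostics; accept/reject depends only on sslPolicyErrors`, so nobody later reads it as a validation step that can be relaxed. The `"Valid"` fallback is reached only on this error path, so a label such as `"no chain errors reported"` would be harder to misread next to the preceding warning. `certificate.Subject` and `certificate.Issuer` come from a peer that has just failed authentication, so they are untrusted text in the log; whether the logger escapes control characters is not visible here. The start of ValidateServerCertificate lies outside the shown hunks.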
