Ignore:
Timestamp:
09/28/17 08:08:13 (4 years ago)
Author:
jkarder
Message:

#2835: merged r15361 into stable

Location:
stable
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • stable

  • stable/HeuristicLab.Clients.Common/3.3/ClientFactory.cs

    r14186 r15386  
    2121
    2222using System;
     23using System.Security.Cryptography.X509Certificates;
    2324using System.ServiceModel;
    2425using System.ServiceModel.Description;
     26using System.ServiceModel.Security;
    2527using HeuristicLab.Clients.Common.Properties;
    2628
     
    5961      client.ClientCredentials.UserName.UserName = userName;
    6062      client.ClientCredentials.UserName.Password = password;
    61       client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
     63      client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
     64
     65      // we (jkarder + abeham) have disabled the revocation check for now
     66      // the certificate requires OCSP instead of CRL for revocation checks, but the OCSP check fails
     67      // we currently don't know why this is the case, because we observed a valid OCSP request/response using wireshark
     68      client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
    6269      return client;
    6370    }
     
    8390      channelFactory.Credentials.UserName.UserName = userName;
    8491      channelFactory.Credentials.UserName.Password = password;
    85       channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
     92      channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
     93
     94      // we (jkarder + abeham) have disabled the revocation check for now
     95      // the certificate requires OCSP instead of CRL for revocation checks, but the OCSP check fails
     96      // we currently don't know why this is the case, because we observed a valid OCSP request/response using wireshark
     97      channelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
    8698      return channelFactory;
    8799    }
Note: See TracChangeset for help on using the changeset viewer.