feat: add Bypass Certificate Check Flag

MWClayson-NHS · MWClayson-NHS · commit 039e83d4e9f5 · 2025-04-10T11:11:22.000+01:00
diff --git a/application/DotNetMeshClient/NHS.Mesh.Client/Clients/MeshConnectClient.cs b/application/DotNetMeshClient/NHS.Mesh.Client/Clients/MeshConnectClient.cs
@@ -82,7 +82,13 @@ private async Task<HttpResponseMessage> SendHttpRequest(HttpRequestMessage httpR
             handler.SslProtocols = SslProtocols.Tls12;
             handler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, chain, sslPolicyErrors) =>
             {
-                if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
+
+                if(_meshConnectConfiguration.BypassServerCertificateValidation)
+                {
+                    _logger.LogWarning("Bypassing Server Certificate Validation");
+                    return true;
+                }
+                else if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
                 {
                     return true; // Everything is fine
                 }
diff --git a/application/DotNetMeshClient/NHS.Mesh.Client/Configuration/MeshConnectConfiguration.cs b/application/DotNetMeshClient/NHS.Mesh.Client/Configuration/MeshConnectConfiguration.cs
@@ -54,4 +54,6 @@ public class MeshConnectConfiguration : IMeshConnectConfiguration
     public bool ProxyUseDefaultCredentials { get; set; }
     /// <summary>Gets the chunk size in bytes for sending chunked messages 19Mb limit outside of HSCN 100Mb limit within</summary>
     public int ChunkSize { get; set; }
+    /// <summary>Flag if the Servers Certificate is Checked against the CA Chain</summary>
+    public bool BypassServerCertificateValidation { get; set; }
 }
diff --git a/application/DotNetMeshClient/NHS.Mesh.Client/Contracts/Configurations/IMeshConnectConfiguration.cs b/application/DotNetMeshClient/NHS.Mesh.Client/Contracts/Configurations/IMeshConnectConfiguration.cs
@@ -53,4 +53,6 @@ public interface IMeshConnectConfiguration
     bool ProxyUseDefaultCredentials { get; set; }
     /// <summary>Gets the chunk size in bytes for sending chunked messages 19Mb limit outside of HSCN 100Mb limit within</summary>
     int ChunkSize { get; set; }
+    /// <summary>Flag if the Servers Certificate is Checked against the CA Chain</summary>
+    public bool BypassServerCertificateValidation { get; set; }
 }
diff --git a/application/DotNetMeshClient/NHS.Mesh.Client/Extensions/MeshMailboxBuilder.cs b/application/DotNetMeshClient/NHS.Mesh.Client/Extensions/MeshMailboxBuilder.cs
@@ -28,7 +28,8 @@ public MeshMailboxBuilder(IServiceCollection services,Action<IMeshConnectConfigu
             MeshApiInboxUriPath = "inbox",
             MeshApiOutboxUriPath = "outbox",
             MeshApiAcknowledgeUriPath = "status/acknowledged",
-            ChunkSize = 19 * 1024 * 1024// below the 20mb limit for external
+            ChunkSize = 19 * 1024 * 1024,// below the 20mb limit for external
+            BypassServerCertificateValidation = false
         };
 
         options(_meshConnectConfiguration);

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,13 @@ private async Task<HttpResponseMessage> SendHttpRequest(HttpRequestMessage httpR`
`82`	`82`	`handler.SslProtocols = SslProtocols.Tls12;`
`83`	`83`	`handler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, chain, sslPolicyErrors) =>`
`84`	`84`	`{`
`85`		`- if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)`
	`85`	`+`
	`86`	`+ if(_meshConnectConfiguration.BypassServerCertificateValidation)`
	`87`	`+ {`
	`88`	`+ _logger.LogWarning("Bypassing Server Certificate Validation");`
	`89`	`+ return true;`
	`90`	`+ }`
	`91`	`+ else if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)`
`86`	`92`	`{`
`87`	`93`	`return true; // Everything is fine`
`88`	`94`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,4 +54,6 @@ public class MeshConnectConfiguration : IMeshConnectConfiguration`
`54`	`54`	`public bool ProxyUseDefaultCredentials { get; set; }`
`55`	`55`	`/// <summary>Gets the chunk size in bytes for sending chunked messages 19Mb limit outside of HSCN 100Mb limit within</summary>`
`56`	`56`	`public int ChunkSize { get; set; }`
	`57`	`+ /// <summary>Flag if the Servers Certificate is Checked against the CA Chain</summary>`
	`58`	`+ public bool BypassServerCertificateValidation { get; set; }`
`57`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,4 +53,6 @@ public interface IMeshConnectConfiguration`
`53`	`53`	`bool ProxyUseDefaultCredentials { get; set; }`
`54`	`54`	`/// <summary>Gets the chunk size in bytes for sending chunked messages 19Mb limit outside of HSCN 100Mb limit within</summary>`
`55`	`55`	`int ChunkSize { get; set; }`
	`56`	`+ /// <summary>Flag if the Servers Certificate is Checked against the CA Chain</summary>`
	`57`	`+ public bool BypassServerCertificateValidation { get; set; }`
`56`	`58`	`}`