29

I'm searching for a way to validate (or bypass validation for) self-signed SSL certificates using VB.NET. I found code to do this in C# and tried converting it into VB code, but I'm not having any luck.

Here is the C# code: How do I use WebRequest to access an SSL encrypted site using https?

Here is what I tried:

Imports System
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Public Class clsSSL
    Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function
End Class

Then before the WebRequest I have this line of code which gives me an error.

ServicePointManager.ServerCertificateValidationCallback =
    New System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)

The error message is:

Delegate 'System.Net.Security.RemoteCertificateValidationCallback' requires an 'AddressOf' expression or lambda expression as the only argument to its constructor.

Martin Prikryl
compcentral

5 Answers

36

In VB.Net, you need to write

ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
SLaks
  • Yep.. That was it. I figured I was missing something simple. I saw that in the error message and I swear I tried it but I guess not. Thanks. – compcentral May 13 '11 at 21:43
13

One-liner:

System.Net.ServicePointManager.ServerCertificateValidationCallback = _
  Function(se As Object, _
  cert As System.Security.Cryptography.X509Certificates.X509Certificate, _
  chain As System.Security.Cryptography.X509Certificates.X509Chain, _
  sslerror As System.Net.Security.SslPolicyErrors) True

Credits to Robby Tendean

MrCalvin
2

I'm not sure but this should work:

ServicePointManager.ServerCertificateValidationCallback = _
      New RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)

http://msdn.microsoft.com/de-de/library/system.net.security.remotecertificatevalidationcallback%28VS.90%29.aspx

Tim Schmelter
2

All the answers here blindly accept any certificate. That's a security flaw.

When implementing the ServicePointManager.ServerCertificateValidationCallback callback, one should validate the certificate, e.g. by checking the certificate's hash against a known value:

Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
ServicePointManager.ServerCertificateValidationCallback =
    Function(sender As Object, certificate As X509Certificate, chain As X509Chain,
             errors As SslPolicyErrors)
        Return _
            (errors = SslPolicyErrors.None) Or
            certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
                "EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA67737179E3C85BC3CD09D4EEC")
    End Function

For the X509Certificate.GetCertHashString overload that takes HashAlgorithmName.SHA256, you need .NET 4.8. On older versions use the parameter-less overload that returns an SHA-1 hash.


Based on Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?

For the C# version of the code, see FtpWebRequest "The remote certificate is invalid according to the validation procedure".

Martin Prikryl
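Added example, not part of any answer above: the same hash check applied to a single request through HttpWebRequest.ServerCertificateValidationCallback (.NET Framework 4.5 and later), so every other connection in the process keeps default validation. The SHA-256 hash is computed from the raw certificate bytes, so it does not need the .NET 4.8 overload. The names PinnedTls, Sha256Hex, ValidatePinned and CreateRequest are hypothetical, and the pinned value is a placeholder.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

' Hypothetical helper module (illustration only).
Public Module PinnedTls
    ' Placeholder pin: replace with the SHA-256 hash (hex) of the
    ' self-signed certificate your own server presents.
    Private Const PinnedSha256 As String =
        "0000000000000000000000000000000000000000000000000000000000000000"

    ' SHA-256 over the DER-encoded certificate, returned as upper-case hex.
    ' Works on .NET versions without GetCertHashString(HashAlgorithmName).
    Public Function Sha256Hex(certificate As X509Certificate) As String
        Using sha As SHA256 = SHA256.Create()
            Dim digest As Byte() = sha.ComputeHash(certificate.GetRawCertData())
            Return BitConverter.ToString(digest).Replace("-", "")
        End Using
    End Function

    ' Accept a certificate that passed normal validation, or one whose
    ' hash equals the pinned value. Everything else is rejected.
    Public Function ValidatePinned(sender As Object, certificate As X509Certificate,
                                   chain As X509Chain, errors As SslPolicyErrors) As Boolean
        If errors = SslPolicyErrors.None Then Return True
        If certificate Is Nothing Then Return False
        Return String.Equals(Sha256Hex(certificate), PinnedSha256,
                             StringComparison.OrdinalIgnoreCase)
    End Function

    ' Attach the callback to this request only, not to ServicePointManager.
    Public Function CreateRequest(url As String) As HttpWebRequest
        Dim request As HttpWebRequest = CType(WebRequest.Create(url), HttpWebRequest)
        request.ServerCertificateValidationCallback = AddressOf ValidatePinned
        Return request
    End Function
End Module
```

When the server certificate is renewed, the pinned value has to be updated along with it, otherwise the request fails closed.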
0

In VB.Net,

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls

solves the less secure apps problem.

Pang
vidhya