Certificate Validation

XMPP uses TLS to encrypt the XML stream. The Tls property of the XMPP client controls the encryption settings. By default it is set to true, and TLS is enabled automatically when the target server supports it.

When you open a new connection and Tls is true, MatriX automatically tries to upgrade the session to TLS using XMPP's STARTTLS feature, if the target server supports it.

SSL/TLS Certificate

TLS is based on certificates. When the stream is upgraded to TLS, the server presents a certificate to the client. The .NET Framework and MatriX validate the certificate automatically. If there are any validation errors, MatriX does not proceed with the TLS negotiation and terminates the stream.

However, in some deployments, testing or staging environments you may have an invalid, self-signed or untrusted TLS certificate and still want to secure the connection using TLS.

Here is an example where an AlwaysAcceptCertificateValidator is set, which ignores all validation errors and blindly trusts every certificate. The stream is still encrypted, but the server's identity is no longer verified.

xmppClient.CertificateValidator = new AlwaysAcceptCertificateValidator();

When you need more control over certificate validation, you can write your own validator by implementing the ICertificateValidator interface and setting your custom validator on the XmppClient.

Example

using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class CustomCertificateValidator : ICertificateValidator
{
    public bool RemoteCertificateValidationCallback(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // add your code here which validates certificates based 
        // on your requirements and returns true/false
        return true;
    }
}
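
For the self-signed staging certificate case described above, a validator can pin that one certificate instead of accepting everything. This is an added example, not MatriX's own code: the class name PinnedCertificateValidator and the fingerprint placeholder are hypothetical, and the using directive for the MatriX namespace that declares ICertificateValidator is assumed because the page does not show it.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Assumption: also import the MatriX namespace that declares
// ICertificateValidator (not shown on the page).

// Hypothetical validator: accepts certificates that pass the normal
// platform validation, and otherwise only the single pinned certificate.
public class PinnedCertificateValidator : ICertificateValidator
{
    private readonly string _pinnedSha256Hex;

    // pinnedSha256Hex: SHA-256 fingerprint of the expected certificate
    // (hash of its DER encoding), hex encoded, with or without ':' separators.
    public PinnedCertificateValidator(string pinnedSha256Hex)
    {
        if (string.IsNullOrWhiteSpace(pinnedSha256Hex))
            throw new ArgumentException("A fingerprint is required.", nameof(pinnedSha256Hex));
        _pinnedSha256Hex = pinnedSha256Hex.Replace(":", "").Trim();
    }

    public bool RemoteCertificateValidationCallback(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // Certificate chains to a trusted root and matches the host name.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to compare against, so reject.
        if (certificate == null)
            return false;

        // Validation failed (self-signed, untrusted root, name mismatch, ...):
        // accept only if this is exactly the certificate that was pinned.
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(certificate.GetRawCertData());
            string actualHex = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actualHex, _pinnedSha256Hex, StringComparison.OrdinalIgnoreCase);
        }
    }
}

// Usage (placeholder value, replace with your server certificate's fingerprint):
// xmppClient.CertificateValidator = new PinnedCertificateValidator("<SHA-256 fingerprint>");
```

Any other certificate that fails validation is rejected, so MatriX terminates the stream as it does by default.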