Skip to content

Commit 0da25e8

Browse files
committed
CustomBuildTool: Add cert checks
1 parent 8c60d5a commit 0da25e8

File tree

3 files changed

+35
-9
lines changed

3 files changed

+35
-9
lines changed

tools/CustomBuildTool/Build.cs

Lines changed: 35 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1217,17 +1217,35 @@ public static bool BuildDeployUpdateConfig()
12171217

12181218
try
12191219
{
1220-
using (HttpClient client = new HttpClient())
1220+
using (HttpClientHandler httpClientHandler = new HttpClientHandler())
12211221
{
1222-
client.DefaultRequestHeaders.Add("X-ApiKey", buildPostApiKey);
1222+
httpClientHandler.AutomaticDecompression = DecompressionMethods.All;
1223+
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) =>
1224+
{
1225+
// Allow this client to communicate with authenticated servers.
1226+
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
1227+
return true;
12231228

1224-
var httpTask = client.PostAsync(buildPostUrl, new StringContent(buildPostString, Encoding.UTF8, "application/json"));
1225-
httpTask.Wait();
1229+
// Temporarily ignore wj32.org expired certificate.
1230+
if (string.Equals(cert.GetCertHashString(System.Security.Cryptography.HashAlgorithmName.SHA1), "b60cb3b6aac5f59075689fc3c7dfd561750ce100", StringComparison.OrdinalIgnoreCase))
1231+
return true;
12261232

1227-
if (!httpTask.Result.IsSuccessStatusCode)
1228-
{
1229-
Program.PrintColorMessage("[UpdateBuildWebService] " + httpTask.Result, ConsoleColor.Red);
1233+
// Do not allow this client to communicate with unauthenticated servers.
12301234
return false;
1235+
};
1236+
1237+
using (HttpClient client = new HttpClient(httpClientHandler))
1238+
{
1239+
client.DefaultRequestHeaders.Add("X-ApiKey", buildPostApiKey);
1240+
1241+
var httpTask = client.PostAsync(buildPostUrl, new StringContent(buildPostString, Encoding.UTF8, "application/json"));
1242+
httpTask.Wait();
1243+
1244+
if (!httpTask.Result.IsSuccessStatusCode)
1245+
{
1246+
Program.PrintColorMessage("[UpdateBuildWebService] " + httpTask.Result, ConsoleColor.Red);
1247+
return false;
1248+
}
12311249
}
12321250
}
12331251
}
@@ -1331,8 +1349,16 @@ public static bool BuildDeployUploadArtifacts()
13311349
httpClientHandler.AutomaticDecompression = DecompressionMethods.All;
13321350
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) =>
13331351
{
1334-
// Ignore certificate issues.
1335-
return true;
1352+
// Allow this client to communicate with authenticated servers.
1353+
if (sslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
1354+
return true;
1355+
1356+
// Temporarily ignore wj32.org expired certificate.
1357+
if (string.Equals(cert.GetCertHashString(System.Security.Cryptography.HashAlgorithmName.SHA1), "b60cb3b6aac5f59075689fc3c7dfd561750ce100", StringComparison.OrdinalIgnoreCase))
1358+
return true;
1359+
1360+
// Do not allow this client to communicate with unauthenticated servers.
1361+
return false;
13361362
};
13371363

13381364
using (HttpClient client = new HttpClient(httpClientHandler))
Binary file not shown.
Binary file not shown.

0 commit comments

Comments
 (0)