Hello,

I am  trying a proof of concept to see if certificate validation could theoretically be ignored during TLS communication on the ConnectionInfoEX class in HLAPI. I should be able to set my own function to the CertificateValidationCallback variable on my ConnectionInfoEX instance, but when I do this, I still see an exception regarding certificate UntrustedRoot thrown during initialization, and my validation function never gets called. I'm expecting no exception to occur because it should call my validation function which just returns true and look no further at the certificate. Am I missing something with how to set this up on ConnectionInfoEX?

Here is the relevant snippet of my code:

private IAMTInstance InternalConnect(HostResource host)
{
  try
  {
    string username;
    var useTLS = true;
    var authMethod = ConnectionInfoEX.AuthMethod.Digest;
    var mutualAuthCertNameSearchString = host.MutualTlsCertificateName;

    username = host.AmtUsername;
    var password = ConvertToSecureString(host.AmtPassword);

    var hostname = host.Hostname;
    if (host.AmtUseAltHostname)
    {
      hostname = host.AmtAltHostname;
    }

    ConnectionInfoEX connection = new ConnectionInfoEX(hostname, username, password, useTLS, mutualAuthCertNameSearchString, authMethod, null, null, null);
    connection.CertificateValidationCallback = ValidateServerCertificate;
    return AMTInstanceFactory.CreateEX(connection);
  }
  catch (Exception e)
  {
    throw ParseAmtException(e);
  }
}

// Implement the certificate validation callback
public static bool ValidateServerCertificate(
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
  Console.WriteLine("ValidateServerCertificate returning true");
  return true;
}