Manually validating SSL certificates (no WWW involved)

How can I manually verify an SSL certificate retrieved from a server while communicating through HTTPS but with other means than the WWW class? On .NET 3.5 there’s the X509Certificate2.Verify() method, but taking a look inside the Mono sources, this method is marked with the following attribute:

[MonoTODO("by default this depends on the incomplete X509Chain")]

What is this supposed to mean? Does it mean that certificate validation in Mono using this method is ultimately unreliable? What good alternative can I use?

I don’t know what you’re trying to achieve, but maybe you can do it with ServicePointManager.ServerCertificateValidationCallback. This needs some additional investigation as well, because one of the callback delegate parameters is X509Chain, and based on the MonoTODO you posted, there might be some problem related to this class.

UPDATE: I took a look at the thread you provided, and I found an older thread by the developer as well. As I understand, UniWeb uses TcpClient, and if that’s true, then for SSL communication it probably uses SslStream. When wrapping the TcpClient stream in an SslStream, it is possible to provide a certificate validation callback, the same one I mentioned above. If the current implementation doesn’t throw any error when connecting to a site with an invalid certificate, then the callback probably always returns true.

Maybe you can ask the author about this directly, and if it works as I believe, then he should allow for injecting the callback or maybe make it virtual. Hard to say exactly without knowing the implementation details though.
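
The approach described in the answer above, as an added example that is not part of the original thread and is not UniWeb's code: a TcpClient stream wrapped in an SslStream whose validation callback rejects the connection unless the runtime reports no policy errors, and prints the X509Chain status for diagnosis. The class name and the host `example.com` are placeholders chosen for illustration.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class StrictTlsClient // hypothetical name, for illustration only
{
    // Accept the server certificate only when no policy errors are reported.
    // A callback whose body is just "return true;" accepts every certificate,
    // which is the behaviour the answer suspects in the library.
    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // Report why validation failed (name mismatch, chain errors, no certificate).
        Console.Error.WriteLine("Certificate rejected: " + errors);
        if (chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  chain: " + status.Status + " " + status.StatusInformation);
        }
        return false; // returning false makes AuthenticateAsClient throw
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "example.com"; // placeholder host

        using (TcpClient client = new TcpClient(host, 443))
        using (SslStream ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate))
        {
            try
            {
                // The host name passed here is the one the certificate is checked against.
                ssl.AuthenticateAsClient(host);
                Console.WriteLine("Handshake OK, protocol: " + ssl.SslProtocol);
            }
            catch (AuthenticationException ex)
            {
                Console.Error.WriteLine("Handshake failed: " + ex.Message);
            }
        }
    }
}
```

If this rejects a site that a browser accepts, the printed chain status shows whether the failure comes from chain building rather than from the certificate itself.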