CodeSOD: Certifiable Success

, Software Pundits
This post was originally published on this site

The Daily WTF

“Hey, apparently, the SSL cert on our web-service expired… in 2013.”

Laura’s company had a web-service that provided most of their business logic, and managed a suite of clients for interacting with that service. Those clients definitely used SSL to make calls to that web-service. And Laura knew that there were a bunch of calls to ValidateServerCertificate as part of the handshaking process, so they were definitely validating it, right?

private static bool ValidateServerCertificate( object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; }

Well, that’s one kind of validation rule. It’s guaranteed to never fail, if nothing else.

[Advertisement] ProGet can centralize your organization’s software applications and components to provide uniform access to developers and servers. Check it out!

To read the full article click on the 'post' link at the top.

Date

You May Also Like

A Tapestry of Threads

Error'd: Are You Old Enough to Know Better?

Perfect Uptime

Classic WTF: Working Around, Over and Through the Process

CodeSOD: Constantly Magic

CodeSOD: In House Refactoring

More Posts From: Software Pundits

CodeSOD: Spaced Out Prefix

How to Master AI Prompt Engineering: Strategies for Optimal Responses

Too Many Red Flags

Error'd: No Time Like the Present

CodeSOD: Don't Date Me

CodeSOD: Expressing a Leak