CodeSOD: Certifiable Success


The Daily WTF

“Hey, apparently, the SSL cert on our web-service expired… in 2013.”

Laura’s company had a web-service that provided most of their business logic, and managed a suite of clients for interacting with that service. Those clients definitely used SSL to make calls to that web-service. And Laura knew that there were a bunch of calls to ValidateServerCertificate as part of the handshaking process, so they were definitely validating it, right?

    private static bool ValidateServerCertificate(
        object sender,
        System.Security.Cryptography.X509Certificates.X509Certificate certificate,
        System.Security.Cryptography.X509Certificates.X509Chain chain,
        System.Net.Security.SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }

Well, that’s one kind of validation rule. It’s guaranteed to never fail, if nothing else.
