Return more info when the remote certificate validation fails

blankensteiner · blankensteiner · commit e2025a0b6105 · 2025-05-21T09:22:06.000+02:00
diff --git a/src/DotPulsar/Internal/Connector.cs b/src/DotPulsar/Internal/Connector.cs
@@ -14,6 +14,7 @@
 
 namespace DotPulsar.Internal;
 
+using System;
 using System.Net;
 using System.Net.Security;
 using System.Net.Sockets;
@@ -97,21 +98,31 @@ private static async Task<Stream> GetStream(string host, int port, CancellationT
     private async Task<Stream> EncryptStream(Stream stream, string host, CancellationToken _)
     {
         SslStream? sslStream = null;
+        var policyErrors = SslPolicyErrors.None;
+
+        bool Validate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+        {
+            policyErrors = sslPolicyErrors;
+            return ValidateServerCertificate(certificate, chain, sslPolicyErrors);
+        }
 
         try
         {
-            sslStream = new SslStream(stream, false, ValidateServerCertificate, null);
+            sslStream = new SslStream(stream, false, Validate, null);
             await sslStream.AuthenticateAsClientAsync(host, _clientCertificates, SslProtocols.None, _checkCertificateRevocation).ConfigureAwait(false);
             return sslStream;
         }
-        catch
+        catch (Exception exception)
         {
             if (sslStream is null)
                 stream.Dispose();
             else
                 sslStream.Dispose();
 
-            throw;
+            if (policyErrors == SslPolicyErrors.None)
+                throw;
+
+            throw new AuthenticationException($"The remote certificate validation failed with SSL policy errors '{policyErrors}'", exception);
         }
     }
 #else
@@ -123,7 +134,7 @@ private async Task<Stream> EncryptStream(Stream stream, string host, Cancellatio
         bool Validate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
         {
             policyErrors = sslPolicyErrors;
-            return ValidateServerCertificate(sender, certificate, chain, sslPolicyErrors);
+            return ValidateServerCertificate(certificate, chain, sslPolicyErrors);
         }
 
         try
@@ -146,15 +157,15 @@ bool Validate(object sender, X509Certificate? certificate, X509Chain? chain, Ssl
             else
                 await sslStream.DisposeAsync().ConfigureAwait(false);
 
-            if (policyErrors != SslPolicyErrors.None)
-                exception.Data.Add("SslPolicyErrors", policyErrors);
+            if (policyErrors == SslPolicyErrors.None)
+                throw;
 
-            throw;
+            throw new AuthenticationException($"The remote certificate validation failed with SSL policy errors '{policyErrors}'", exception);
         }
     }
 #endif
 
-    private bool ValidateServerCertificate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
+    private bool ValidateServerCertificate(X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors)
     {
         if (sslPolicyErrors == SslPolicyErrors.None)
             return true;
