Certificate EKU OID validation
Scope
Minor
Version Introduced
4.6
Source Analyzer Status
NotPlanned
Change Description
Starting with .NET Framework 4.6, the `System.Net.Security.SslStream` and `System.Net.ServicePointManager` classes perform enhanced key usage (EKU) object identifier (OID) validation. An EKU extension is a collection of OIDs that indicate the applications that use the key. EKU OID validation uses remote certificate callbacks to ensure that the remote certificate has the correct OIDs for the intended purpose.
- Quirked
- Build-time break
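The kind of check described above, as an added C# example (not code from the original page and not the framework's own implementation): a callback helper that accepts a server certificate only if it has no EKU extension or lists the server authentication OID. The class and method names are hypothetical, treating a missing EKU extension as unrestricted follows RFC 5280 rather than anything stated here, and the constructed demo certificates need `CertificateRequest` (.NET Framework 4.7.2 or later).

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EkuCheck
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth (RFC 5280)
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth (RFC 5280)
    // True when the certificate carries no EKU extension (assumption: no purpose
    // restriction, per RFC 5280) or when its EKU list contains requiredOid.
    public static bool AllowsPurpose(X509Certificate2 cert, string requiredOid)
    {
        bool hasEku = false;
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            hasEku = true;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == requiredOid) return true;
        }
        return !hasEku;
    }
    // Hypothetical callback matching RemoteCertificateValidationCallback.
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        // Chain and name errors reported by the platform stay fatal; EKU is an extra gate.
        if (errors != SslPolicyErrors.None || certificate == null) return false;
        return AllowsPurpose(new X509Certificate2(certificate), ServerAuthOid);
    }
    // Constructed self-signed certificate for the demo; ekuOid == null omits the extension.
    static X509Certificate2 MakeCert(string ekuOid)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed.example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            if (ekuOid != null)
                req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid(ekuOid) }, false));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }
    static void Main()
    {
        foreach (string eku in new[] { ServerAuthOid, ClientAuthOid, null })
            Console.WriteLine("{0}: {1}", eku ?? "(no EKU)", AllowsPurpose(MakeCert(eku), ServerAuthOid));
    }
}
```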
Recommended Action
If this change is undesirable, you can disable certificate EKU OID validation by adding the following switch to the `<AppContextSwitchOverrides>` element in the `<runtime>` section of your app configuration file:

```xml
<runtime>
  <AppContextSwitchOverrides
      value="Switch.System.Net.DontCheckCertificateEKUs=true" />
</runtime>
```

[!IMPORTANT] This setting is provided for backward compatibility only. Its use is otherwise not recommended.
Affected APIs
T:System.Net.Security.SslStream
T:System.Net.ServicePointManager
T:System.Net.Http.HttpClient
T:System.Net.Mail.SmtpClient
T:System.Net.HttpWebRequest
T:System.Net.FtpWebRequest
Category
Networking