(fix confluentinc#1897) : skip server SSL certs verification when con…

…figured
dolifer · Jan 7, 2023 · ab38836 · ab38836
1 parent 7c913b7
commit ab38836
Showing 1 changed file with 12 additions and 20 deletions.
diff --git a/src/Confluent.SchemaRegistry/Rest/RestService.cs b/src/Confluent.SchemaRegistry/Rest/RestService.cs
@@ -57,26 +57,14 @@ internal class RestService : IRestService
  /// <summary>
  /// Initializes a new instance of the RestService class.
  /// </summary>
- public RestService(string schemaRegistryUrl, int timeoutMs, IAuthenticationHeaderValueProvider authenticationHeaderValueProvider, List<X509Certificate2> certificates, bool enableSslCertificateVerification)
+ public RestService(string schemaRegistryUrl, int timeoutMs, IAuthenticationHeaderValueProvider authenticationHeaderValueProvider, List<X509Certificate2> certificates, bool enableSslCertificateVerification)
  {
  this.authenticationHeaderValueProvider = authenticationHeaderValueProvider;
 
  this.clients = schemaRegistryUrl
  .Split(',')
- .Select(SanitizeUri)// need http or https - use http if not present.
- .Select(uri =>
- {
- HttpClient client;
-                    if (certificates.Count > 0)
-                    {
-                        client = new HttpClient(CreateHandler(certificates, enableSslCertificateVerification)) { BaseAddress = new Uri(uri, UriKind.Absolute), Timeout = TimeSpan.FromMilliseconds(timeoutMs) };
-                    }
-                    else
-                    {
-                        client = new HttpClient() { BaseAddress = new Uri(uri, UriKind.Absolute), Timeout = TimeSpan.FromMilliseconds(timeoutMs) };
-                    }
- return client;
- })
+ .Select(SanitizeUri) // need http or https - use http if not present.
+ .Select(uri => new HttpClient(CreateHandler(certificates, enableSslCertificateVerification)) { BaseAddress = new Uri(uri, UriKind.Absolute), Timeout = TimeSpan.FromMilliseconds(timeoutMs) })
  .ToList();
  }
 
@@ -86,18 +74,22 @@ private static string SanitizeUri(string uri)
  return $"{sanitized.TrimEnd('/')}/";
  }
 
- private static HttpClientHandler CreateHandler(List<X509Certificate2> certificates, bool enableSslCertificateVerification)
+ private static HttpClientHandler CreateHandler(List<X509Certificate2> certificates, bool enableSslCertificateVerification)
  {
-     var handler = new HttpClientHandler();
- handler.ClientCertificateOptions = ClientCertificateOption.Manual;
+ var handler = new HttpClientHandler();
 
  if (!enableSslCertificateVerification)
  {
  handler.ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, policyErrors) => { return true; };
  }
 
-     certificates.ForEach(c => handler.ClientCertificates.Add(c));
-     return handler;
+ if (certificates.Count > 0)
+ {
+ handler.ClientCertificateOptions = ClientCertificateOption.Manual;
+ certificates.ForEach(c => handler.ClientCertificates.Add(c));
+ }
+
+ return handler;
  }
 
  private RegisteredSchema SanitizeRegisteredSchema(RegisteredSchema schema)