CertificateValidate Event
Fires when the server's TLS certificate has to be validated.
Syntax
type TCertificateValidateEvent = procedure ( Sender: TObject; const Address: String; var Accept: Boolean ) of Object;
property OnCertificateValidate: TCertificateValidateEvent read FOnCertificateValidate write FOnCertificateValidate;
Remarks
The component fires this event upon receiving the server's certificate during the TLS handshake. The subscriber to this event has to validate the certificate and report the result to the component through the Accept parameter.
The Address parameter indicates the address of the server the connection is being established to.
This event fires regardless of the AutoValidateCertificates setting. If this setting is false, the event handler (and your code) is responsible for validating the certificate chain and returning the result to the component through the Accept parameter. Note that setting AutoValidateCertificates to false and not performing any validation inside the handler of this event leaves the server's identity unverified, which is a serious security vulnerability and can lead to grave consequences.
The exact validation method to use depends on your circumstances, and may range from comparing the certificate to its legitimate and trusted copy (sometimes called certificate pinning), to fully-fledged chain validation. The CertificateValidator component is one of the options to build your chain validation on.
If AutoValidateCertificates is true, the chain has already been validated internally by the component by the time this event fires, and the value of Accept reflects the outcome of that check. You can perform your own, additional validation even when using AutoValidateCertificates mode, and adjust Accept if needed.
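The handler below is an added example, not code from the component's documentation. It layers a certificate pin on top of the built-in check, assuming AutoValidateCertificates is true so that Accept arrives holding the component's own result. TPinCheck, TGetPeerCertDER and the way the presented certificate's DER bytes are obtained are hypothetical; this page does not say how to read the server certificate, so the application supplies that accessor.

```delphi
unit PinCheck;

interface

uses
  System.SysUtils, System.Hash;

type
  // Hypothetical accessor supplied by the application: returns the DER bytes of
  // the certificate the server presented (not an API documented on this page).
  TGetPeerCertDER = reference to function: TBytes;

  TPinCheck = class
  private
    FPinHex: string;                 // SHA-256 (hex) of the trusted certificate copy
    FGetPeerCertDER: TGetPeerCertDER;
  public
    constructor Create(const APinHex: string; const AGetDER: TGetPeerCertDER);
    // Same signature as TCertificateValidateEvent.
    procedure CertificateValidate(Sender: TObject; const Address: String;
      var Accept: Boolean);
  end;

implementation

constructor TPinCheck.Create(const APinHex: string; const AGetDER: TGetPeerCertDER);
begin
  inherited Create;
  FPinHex := APinHex;
  FGetPeerCertDER := AGetDER;
end;

procedure TPinCheck.CertificateValidate(Sender: TObject; const Address: String;
  var Accept: Boolean);
var
  AutoResult: Boolean;
  Der: TBytes;
  H: THashSHA2;
begin
  AutoResult := Accept;          // outcome of the component's own chain validation
  Accept := False;               // fail closed if anything below exits early or raises
  if not AutoResult then Exit;   // never turn a failed chain check into success
  Der := FGetPeerCertDER();
  if Length(Der) = 0 then Exit;  // no certificate available: reject
  H := THashSHA2.Create;         // System.Hash record, SHA-256 by default
  H.Update(Der);
  Accept := SameText(H.HashAsString, FPinHex);  // pin can only narrow the decision
end;

end.
```

Assign the method to OnCertificateValidate on the component instance. With AutoValidateCertificates set to false the initial value of Accept is not defined by this page, so a handler for that mode must perform the full validation itself rather than rely on the incoming value.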