TElSSLClass.OnCertificateValidate event

TElSSLClass.OnCertificateValidate

This event is fired when the client/server certificate must be validated.

Declaration

[C#]
event TSBCertificateValidateEvent OnCertificateValidate;
delegate void TSBCertificateValidateEvent(Object Sender, TElX509Certificate X509Certificate, ref TSBCertificateValidity Validity, ref TSBCertificateValidityReason Reason);

[VB.NET]
Event OnCertificateValidate As TSBCertificateValidateEvent
Delegate Sub TSBCertificateValidateEvent(ByVal Sender As Object, ByVal X509Certificate As TElX509Certificate, ByRef Validity As TSBCertificateValidity, ByRef Reason As TSBCertificateValidityReason)

[Pascal]
property OnCertificateValidate : TSBCertificateValidateEvent;
TSBCertificateValidateEvent = procedure(Sender : TObject; X509Certificate : TElX509Certificate; var Validity : TSBCertificateValidity; var Reason : TSBCertificateValidityReason) of object;

[C++]
    void get_OnCertificateValidate(TSBCertificateValidateEvent &pMethodOutResult, void * &pDataOutResult);
    void set_OnCertificateValidate(TSBCertificateValidateEvent pMethodValue, void * pDataValue);
    typedef void (SB_CALLBACK *TSBCertificateValidateEvent)(void * _ObjectData, TObjectHandle Sender, TElX509CertificateHandle X509Certificate, TSBCertificateValidityRaw &Validity, TSBCertificateValidityReasonRaw &Reason);

[PHP]
    TSBCertificateValidateEvent|callable|NULL get_OnCertificateValidate()
    void set_OnCertificateValidate(TSBCertificateValidateEvent|callable|NULL $Value)
    callable TSBCertificateValidateEvent(TObject $Sender, TElX509Certificate $X509Certificate, integer &$Validity, integer &$Reason)

[Java]
    TSBCertificateValidateEvent getOnCertificateValidate();
    void setOnCertificateValidate(TSBCertificateValidateEvent Value);
    TSBCertificateValidateEvent.Callback OnCertificateValidate = new TSBCertificateValidateEvent.Callback() {
        public void TSBCertificateValidateEventCallback(TObject Sender, TElX509Certificate X509Certificate, TElX509CertificateValidateResult Res) {
            //...
        }
    }

Parameters

X509Certificate - the certificate to be validated.
Validity - specifies the certificate validity status.
Reason - specifies validity reason.
Res - [Java] References an instance of the object, which contains Validity and Reason properties.

TSBCertificateValidity values

[.NET] [C++]	[Pascal]	Description
cvOk = 0	cvOk	Certificate was validated successfully and is valid
cvSelfSigned = 1	cvSelfSigned	Certificate is self signed
cvInvalid = 2	cvInvalid	Certificate is invalid
cvStorageError = 3	cvStorageError	Certificate was not validated due to certificate storage error
cvChainUnvalidated = 4	cvChainUnvalidated	Certificate chain was not validated because while the certificate itself is valid, one or more of CA Certificates in the chain have validation problems

TSBCertificateValidityReason values

[.NET]	[Pascal]	[C++]	Description
vrBadData = 1	vrBadData	f_vrBadData = 1	Invalid certificate format or certificate is corrupted
vrRevoked = 2	vrRevoked	f_vrRevoked = 2	Certificate is revoked by Issuer
vrNotYetValid = 4	vrNotYetValid	f_vrNotYetValid = 4	Certificate is not valid yet
vrExpired = 8	vrExpired	f_vrExpired = 8	Certificate is expired
vrInvalidSignature = 16	vrInvalidSignature	f_vrInvalidSignature = 16	Certificate contains invalid digital signature, it could be corrupted
vrUnknownCA = 32	vrUnknownCA	f_vrUnknownCA = 32	Issuer (CA) certificate was not found.
vrCAUnauthorized = 64	vrCAUnauthorized	f_vrCAUnauthorized = 64	Issuer (CA) certificate was found but its key usage fields don't allow use of this certificate for signing other certificates.
vrCRLNotVerified = 128	vrCRLNotVerified	f_vrCRLNotVerified = 128	Certificate Revocation List for this certificate could not be retrieved and/or validated.
vrOCSPNotVerified = 256	vrOCSPNotVerified	f_vrOCSPNotVerified = 256	OCSP response for this certificate could not be retrieved and/or validated.
vrIdentityMismatch = 512	vrIdentityMismatch	f_vrIdentityMismatch = 512	Provided certificate doesn't include the specified name and / or IP address. Either the remote side in TLS or sender in S/MIME is misconfigured, or the certificate is misused by the remote side or sender, or authenticity of the remote side or sender is forged.
vrNoKeyUsage = 1024	vrNoKeyUsage	f_vrNoKeyUsage = 1024	Provided certificate may not be used for chosen activity (identifying TLS server or client or S/MIME message sender)
vrBlocked = 2048	vrBlocked	f_vrBlocked = 2048	Provided certificate has been found in the list of blocked certificates
vrFailure = 4096	vrFailure	f_vrFailure = 4096	Validation took too long, aborted
vrChainLoop = 8192	vrChainLoop	f_vrChainLoop = 8192	Certificate chain includes a loop. Further validation is not possible.
vrWeakAlgorithm = 16384	vrWeakAlgorithm	f_vrWeakAlgorithm = 16384	One of certificates is signed using the weak hash algorithm

Description

This event is fired by TElSSLClient and TElSSLServer when the negotiated protocol offers the client/server to validate the other peer's certificate, starting from the root CA to the end-entity certificate. One can check, whether the certificate is an end-entity one, by checking the certificate's Chain property. Use methods of the TElX509CertificateValidator class to perform the certificate validation.