Add HistorianClientOptions.AllowUntrustedServerCertificate

When true, the SDK's WCF channel factories accept the server's X.509
certificate without chain validation. Intended for connecting to
development / on-prem Historians whose /HistCert endpoint presents an
installer-generated self-signed cert that isn't in the local trust
store. Particularly relevant on Linux: .NET WCF on Linux does its own
X509Chain validation that doesn't honor the system CA bundle, so even
after `update-ca-certificates` succeeds the cert binding still rejects
the server. With this option set, a custom certificate validator accepts
any cert and revocation checking is disabled.

Default false. Centralized in HistorianWcfClientCredentialsHelper.Configure
and applied at every ChannelFactory<T> instantiation in the WCF layer
(no-op when the option is false). 171/171 Windows tests still pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Joseph Doherty
2026-05-04 23:05:32 -04:00
parent 92d4110142
commit d3e5bf09b6
5 changed files with 53 additions and 0 deletions
@@ -45,6 +45,7 @@ internal static class HistorianWcfAuthChainHelper
Action<IHistoryServiceContract2, OpenConnectionContext>? additionalSetup = null)
{
ChannelFactory<IHistoryServiceContract2> historyFactory = new(historyBinding, historyEndpoint);
HistorianWcfClientCredentialsHelper.Configure(historyFactory, options);
historyFactory.Endpoint.EndpointBehaviors.Add(new HistorianWcfHistAddressingBehavior());
if (HistorianWcfMessageCaptureBehavior.IsEnabled)
{
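Review bot: At the added `HistorianWcfClientCredentialsHelper.Configure(historyFactory, options);` call, nothing distinguishes a validated channel from one where AllowUntrustedServerCertificate is true, and per the commit message the true case accepts any certificate with revocation checking disabled, so the channel can no longer tell the intended Historian from any other endpoint that presents a certificate. Suggest narrowing the option to a pinned certificate (for example, the expected self-signed certificate's thumbprint supplied through the options) rather than a blanket accept, and logging a warning whenever a factory is configured with validation off so the setting is visible if it reaches a production configuration. The call also has to be repeated by hand after each ChannelFactory<T> construction; a missed site leaves validation on, which is the safe direction, but routing factory creation through one helper would keep the behaviour consistent across the WCF layer.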