Ignoring invalid SSL certificates in HTTPUtils

Is there an equivalent to ServerCertificateCustomValidationCallback in the following code snippet?
var tokenResponse = $"{baseUrl}/oauth2/token".PostToUrl(login).FromJson<LoginResponse>();

The server at baseUrl is an internal machine at a client’s site, so the SSL certificate is reported as invalid.

Not from the HTTP Utils API as this needs to be configured in the custom HttpClientHandler when constructing the HttpClient instance, e.g:

var handler = new HttpClientHandler {
    ServerCertificateCustomValidationCallback = ...
};
var client = new HttpClient(handler);
var response = await client.GetAsync($"{baseUrl}/oauth2/token");
string tokenResponse = await response.Content.ReadAsStringAsync();

If you’re using .NET 6+ you can configure the HttpClientHandler used by all HttpUtils APIs with:

HttpUtils.HttpClientHandlerFactory = () => new() {
    UseDefaultCredentials = true,
    AutomaticDecompression = DecompressionMethods.Brotli | DecompressionMethods.Deflate | DecompressionMethods.GZip,
    ServerCertificateCustomValidationCallback = ...
};

But that would affect all HTTP Utils APIs.

Looks to work nicely (once I updated to v6 :slight_smile: )!
Brilliant, thanks for the speedy response.

1 Like