SslCertificateTrust.CreateForX509Collection Method

Definition

Creates a new SslCertificateTrust.

[System.Runtime.Versioning.UnsupportedOSPlatform("windows")]
public static System.Net.Security.SslCertificateTrust CreateForX509Collection (System.Security.Cryptography.X509Certificates.X509Certificate2Collection trustList, bool sendTrustInHandshake = false);
[<System.Runtime.Versioning.UnsupportedOSPlatform("windows")>]
static member CreateForX509Collection : System.Security.Cryptography.X509Certificates.X509Certificate2Collection * bool -> System.Net.Security.SslCertificateTrust
Public Shared Function CreateForX509Collection (trustList As X509Certificate2Collection, Optional sendTrustInHandshake As Boolean = false) As SslCertificateTrust

Parameters

trustList
X509Certificate2Collection

The collection containing the trusted certificates.

sendTrustInHandshake
Boolean

true for the server to send a list of trusted certificate authorities during the TLS handshake; false not to send the list.

Returns

Represents a trust policy.

Attributes

Exceptions

sendTrustInHandshake is true and the current platform does not support sending the trusted issuers list in the handshake.

Remarks

If the sendTrustInHandshake argument is true, the client can use the list of trusted certificate authorities from the server to select an appropriate client certificate. Sending the trusted issuers list is not supported for SslCertificateTrust instances created using SslCertificateTrust.CreateForX509Collection in .NET 6.

Since .NET 7, sending the trusted issuers list is supported on Linux and OSX platforms.

Warning

The list of trusted CAs increases the size of the handshake message. It could also be viewed as an information leak about the system's configuration. For these reasons, we recommend setting sendTrustInHandshake to false.
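
The following added example (not part of the original documentation) shows one way to follow the recommendation above: the trust policy is built with sendTrustInHandshake set to false unless the caller explicitly opts in, and it falls back to false when the platform cannot send the issuers list. The ClientCaTrust class, its method names, and the PEM bundle path parameter are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Runtime.Versioning;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class (an assumption for this example, not a .NET API).
// The attribute mirrors the one declared on CreateForX509Collection.
[UnsupportedOSPlatform("windows")]
static class ClientCaTrust
{
    // Builds a trust policy from a PEM bundle of CA certificates.
    // advertiseIssuers stays false by default so the CA list is not disclosed
    // in the handshake and the handshake message stays small.
    public static SslCertificateTrust Build(string caBundlePemPath, bool advertiseIssuers = false)
    {
        var trustList = new X509Certificate2Collection();
        trustList.ImportFromPemFile(caBundlePemPath);
        if (trustList.Count == 0)
            throw new InvalidOperationException("CA bundle contains no certificates.");

        if (advertiseIssuers)
        {
            try
            {
                return SslCertificateTrust.CreateForX509Collection(trustList, sendTrustInHandshake: true);
            }
            catch (PlatformNotSupportedException)
            {
                // This platform cannot send the trusted issuers list;
                // continue without advertising it.
            }
        }
        return SslCertificateTrust.CreateForX509Collection(trustList, sendTrustInHandshake: false);
    }

    // Attaches the trust policy to the server certificate context of a
    // server that requests a client certificate.
    public static SslServerAuthenticationOptions ServerOptions(
        X509Certificate2 serverCert, SslCertificateTrust trust) => new()
    {
        // Arguments: target, additionalCertificates, offline, trust.
        ServerCertificateContext = SslStreamCertificateContext.Create(serverCert, null, false, trust),
        ClientCertificateRequired = true,
    };
}
```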
