刚刚好奇,在VisualStudio中看了下Authing.CSharp.SDK反编译的源码,赫然发现Authing.CSharp.SDK.UtilsImpl.HttpClientService这个类的静态构造函数里面是这样写的:
m_HttpClient = new HttpClient(new HttpClientHandler
{
Proxy = null,
UseProxy = false,
ServerCertificateCustomValidationCallback = (HttpRequestMessage _003Cp0_003E, X509Certificate2 _003Cp1_003E, X509Chain _003Cp2_003E, SslPolicyErrors _003Cp3_003E) => true
});
本人绝非安全专家,但是这个ServerCertificateCustomValidationCallback 这样无条件返回true,真是很惊讶!
