i) When the trust between the client and server cannot be established via TLS (HTTPS is HTTP over TLS), a
TlsException is thrown and will appear in the exception chain caught by your application. To find the
TlsException, pass the caught exception to a routine such as this one:
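    private TlsException GetTlsException(Exception error)
    {
        while (error != null) // walk the InnerException chain
        {
            var tlsError = error as TlsException;
            if (tlsError != null) return tlsError; // first TlsException found
            error = error.InnerException;
        }
        return null; // no TlsException anywhere in the chain
    }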
However, we have to point out that it is strongly discouraged to fall back to HTTP mode when HTTP over TLS does not work. Doing so would make it trivial for an attacker to force your connections into unencrypted mode simply by disrupting the TLS traffic.
ii), iii), v) Once you find the TlsException using the approach described above, inspect its ProtocolMessage property. It will contain one of the following values:
These correspond to TLS error alerts and include certificate errors you are interested in.
iv) When the client certificate returned by a certificate request handler is not associated with a private key, a "InternalError" and a "Certificate does not have a private key." will be thrown. It's recommended to prevent this from occurring by making sure that the certificate returned by a custom certificate request handler has a private key - use the HasPrivateKey method to make sure.