The ValidatingCertificate event returns the certificate chain as received from the server. These usually lack the root certificate (due to the assumption that the client must already possess it anyway).
If you need to access the root certificate in your ValidatingCertificate event handler, just rebuild the chain, taking into account the CA certificates trusted by the local OS:
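void Event_ValidatingCertificate(object sender, SslCertificateValidationEventArgs e)
{
    // Rebuild the chain from the server-supplied certificates plus locally trusted CA certificates.
    CertificateChain chain = CertificateEngine.Default.BuildChain(e.Certificate, e.CertificateChain);
    // ...
}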
The chain will have RootCertificate populated if the CA certificate is available locally.
Note: An equivalent process is performed during the validation of the root-less chain, which is the reason it validates correctly.
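
The same behaviour shown with .NET's built-in X509Chain instead of the CertificateEngine used above, as an added example that is not from the original page. It assumes .NET 5 or later; the test CA (standing in for a root trusted by the local OS), the names "Demo Root CA" and "server.example", and the helper FindRootThumbprint are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RootlessChainDemo
{
    // Builds a chain for a leaf received WITHOUT its root, using only the given
    // locally trusted roots. Returns the root's thumbprint, or null if no trusted root completes the chain.
    static string FindRootThumbprint(X509Certificate2 leaf, X509Certificate2Collection trustedRoots)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // constructed certs publish no CRL/OCSP
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.AddRange(trustedRoots);
        if (!chain.Build(leaf))
            return null; // partial chain: the root is not available locally
        // The last element is the trust anchor, although the peer never sent it.
        return chain.ChainElements[chain.ChainElements.Count - 1].Certificate.Thumbprint;
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;

        // Constructed root CA.
        using RSA rootKey = RSA.Create(2048);
        var rootReq = new CertificateRequest("CN=Demo Root CA", rootKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using X509Certificate2 root = rootReq.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));

        // Constructed server certificate issued by that CA; this is all the "server" sends.
        using RSA leafKey = RSA.Create(2048);
        var leafReq = new CertificateRequest("CN=server.example", leafKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        using X509Certificate2 leaf = leafReq.Create(root, now.AddHours(-1), now.AddDays(29),
            new byte[] { 1, 2, 3, 4 });

        // Root available locally: the rebuilt chain ends in it.
        string found = FindRootThumbprint(leaf, new X509Certificate2Collection(root));
        Console.WriteLine("root found locally: " + (found == root.Thumbprint));

        // Root not available locally: no root can be recovered and validation fails.
        string missing = FindRootThumbprint(leaf, new X509Certificate2Collection());
        Console.WriteLine("root found with empty trust store: " + (missing != null));
    }
}
```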