From 0ac9968517521a0d70e3b960642de00ac4e1cb93 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Mar 2026 07:22:57 +0000
Subject: [PATCH 1/2] Initial plan


From 23a8a98e7d6189abd43d7b637d6b190346c1312f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 14 Mar 2026 07:26:51 +0000
Subject: [PATCH 2/2] Fix SSL policy error handling in DockerMessageHandler

Co-authored-by: henrikhimself <1175002+henrikhimself@users.noreply.github.com>
---
 src/RemoteContainers.Aspire/Docker/DockerMessageHandler.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/RemoteContainers.Aspire/Docker/DockerMessageHandler.cs b/src/RemoteContainers.Aspire/Docker/DockerMessageHandler.cs
index 0237035..d2a3677 100644
--- a/src/RemoteContainers.Aspire/Docker/DockerMessageHandler.cs
+++ b/src/RemoteContainers.Aspire/Docker/DockerMessageHandler.cs
@@ -14,6 +14,7 @@
 // limitations under the License.
 // </copyright>
 
+using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
 namespace Hj.RemoteContainers.Aspire.Docker;
@@ -34,9 +35,9 @@ public HttpMessageHandler Init()
     if (_dockerCertificate.TryGetCertificate(out _caCert, out _clientCert))
     {
       ClientCertificates.Add(_clientCert);
-      ServerCertificateCustomValidationCallback = (_, serverCert, chain, _) =>
+      ServerCertificateCustomValidationCallback = (_, serverCert, chain, sslPolicyErrors) =>
       {
-        if (serverCert is null || chain is null)
+        if (serverCert is null || chain is null || (sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
         {
           return false;
         }