我需要验证服务器证书是否链接到本机(LocalMachine)受信任根证书存储中的某个根证书,同时还要兼顾使用桥接 CA(bridge CA)进行交叉签名的情况。
根据 MSDN 的示例,先用 TcpClient 建立连接、再在其网络流上打开 SslStream,似乎是检查 SSL 流服务器证书的推荐做法。
当回调进入 ValidateServerCertificate 函数时,我打算检查传入的 X509Chain 对象,确认链末端的根证书是否存在于本机的受信任根证书存储中。这一步比较简单。
难点在于需要处理用于对多个 PKI 树进行交叉签名的“桥接证书”(bridge certificate)。我不确定桥接证书会出现在本地证书存储中、出现在传入的证书链(X509Chain)中,还是出现在其他地方(如果它会出现的话)。
此外,由于桥接 CA 可能出现在信任树的任何一级,我也不确定该如何处理由此产生的分支(多条路径)逻辑。
欢迎提供建议、思路或流程图。
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace sockittome
{
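/// <summary>
/// Connects to an HTTPS server and validates its certificate chain, requiring that the
/// chain the platform built terminates at a certificate present in the LocalMachine
/// "Trusted Root Certification Authorities" store.
/// </summary>
class Program
{
    /// <summary>Host contacted when no command-line argument is supplied (kept from the original sample).</summary>
    private const string DefaultHost = "pesecpolicy.bankofamerica.com";

    /// <summary>TLS port contacted by <see cref="Main"/>.</summary>
    private const int HttpsPort = 443;

    /// <summary>
    /// Entry point: connects to <c>args[0]</c> (or <see cref="DefaultHost"/>) on port 443,
    /// performs the TLS client handshake and reports the outcome on the console.
    /// </summary>
    /// <param name="args">Optional: the server host name as the first element.</param>
    static void Main(string[] args)
    {
        // The same host name is used for the TCP connection and for the TLS name check,
        // so the server certificate's subject / SAN must match it.
        string machineName = (args != null && args.Length > 0) ? args[0] : DefaultHost;

        try
        {
            // Both the socket and the SslStream are disposed on every exit path (the
            // original leaked them on success). leaveInnerStreamOpen=false makes the
            // SslStream close the network stream as well.
            using (TcpClient client = new TcpClient(machineName, HttpsPort))
            using (SslStream sslStream = new SslStream(
                client.GetStream(),
                false,
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                null))
            {
                sslStream.AuthenticateAsClient(machineName);
                Console.WriteLine("Authenticated to {0} using {1}.", machineName, sslStream.SslProtocol);
            }
        }
        catch (AuthenticationException e)
        {
            // Raised when the handshake fails, including when ValidateServerCertificate returns false.
            Console.WriteLine("Exception: {0}", e.Message);
            if (e.InnerException != null)
            {
                Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
            }
            Console.WriteLine("Authentication failed - closing the connection.");
        }
        catch (SocketException e)
        {
            // DNS or TCP-level failure before any TLS negotiation took place.
            Console.WriteLine("Connection failed: {0}", e.Message);
        }
        catch (IOException e)
        {
            // Connection dropped mid-handshake.
            Console.WriteLine("I/O error during handshake: {0}", e.Message);
        }
    }

    /// <summary>
    /// Server-certificate validation callback. Accepts the server only when the platform
    /// reported no policy errors AND the chain it built ends at a certificate that is
    /// installed in the LocalMachine Root store.
    /// </summary>
    /// <param name="sender">The <see cref="SslStream"/> performing the handshake (unused).</param>
    /// <param name="certificate">The server's leaf certificate.</param>
    /// <param name="chain">The chain the platform built for <paramref name="certificate"/>;
    /// its last element is the trust anchor the chain engine stopped at.</param>
    /// <param name="sslPolicyErrors">Errors the platform found (name mismatch, chain errors, no certificate).</param>
    /// <returns><c>true</c> to let the handshake continue; <c>false</c> to abort it.</returns>
    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // Never override platform errors: a name mismatch or an untrusted/invalid chain is
        // a real failure. Print the per-chain status so the cause is visible when triaging.
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
            if (chain != null)
            {
                foreach (X509ChainStatus status in chain.ChainStatus)
                {
                    Console.WriteLine("  Chain status: {0} ({1})", status.Status, status.StatusInformation);
                }
            }
            // Do not allow this client to communicate with unauthenticated servers.
            return false;
        }

        // SslPolicyErrors.None means the OS chain engine already found a path to a root it
        // trusts. On Windows that root may live in the CurrentUser store as well as the
        // LocalMachine store, and the question here is specifically "is it a *machine*
        // root", so the anchor is checked explicitly below.
        if (chain == null || chain.ChainElements.Count == 0)
        {
            Console.WriteLine("No certificate chain was supplied; rejecting.");
            return false;
        }

        X509Certificate2 anchor = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        if (!IsInMachineRootStore(anchor))
        {
            Console.WriteLine("Chain anchor '{0}' ({1}) is not in the LocalMachine Root store; rejecting.",
                anchor.Subject, anchor.Thumbprint);
            return false;
        }

        return true;
    }

    /// <summary>
    /// Looks up <paramref name="candidate"/> by thumbprint in the LocalMachine
    /// "Trusted Root Certification Authorities" store.
    /// </summary>
    /// <param name="candidate">The certificate at the end of the validated chain.</param>
    /// <returns><c>true</c> when a certificate with the same thumbprint is installed there.</returns>
    /// <remarks>
    /// Bridge / cross-certified CAs need no special handling at this point: the chain
    /// engine resolves cross-certificates while it builds the chain (on Windows, using the
    /// Intermediate Certification Authorities store plus AIA fetching), and a bridge
    /// certificate shows up as an ordinary intermediate element. Whatever path the engine
    /// chose, the last element is the anchor it terminated at, and that is the only
    /// certificate this check needs. If the engine anchors at the foreign PKI's root
    /// instead of yours, install the cross-certificate your root issued for the bridge into
    /// the Intermediate CA store so a path to your root exists; this check then passes
    /// unchanged. NOTE(review): path selection across several bridges is platform-specific
    /// and not observable from this callback - verify on the target OS.
    /// </remarks>
    private static bool IsInMachineRootStore(X509Certificate2 candidate)
    {
        X509Store rootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        try
        {
            rootStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly:false so an installed-but-expired root still counts as "present";
            // validity was already enforced by the chain engine before this callback ran.
            X509Certificate2Collection matches = rootStore.Certificates.Find(
                X509FindType.FindByThumbprint, candidate.Thumbprint, false);
            return matches.Count > 0;
        }
        finally
        {
            rootStore.Close();
        }
    }
}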
}