SSL and SMTP

I've successfully used the ICertificatePolicy hack before to connect
to https but this doesn't seem to work for sending Gmail.  Please see
the following code:

using System;
using System.Net;
using System.Net.Mail;

namespace Tester
{
    class Program
    {
        static void Main(string[] args)
        {
            var from = new MailAddress("[hidden email]");
            var to = new MailAddress("[hidden email]", "Sr. To");
            var mail = new MailMessage(from, to);

            // Set the content.
            mail.Subject = "Subject";
            mail.Body = "Test";

            // Send the message.
            SmtpClient smtp = new SmtpClient("smtp.gmail.com");
            smtp.EnableSsl = true;
            smtp.Credentials = new NetworkCredential("[hidden email]",
"p4ssw0rd");

            // No worky???
            ServicePointManager.CertificatePolicy = new
TrustAllCertificatePolicy();

            smtp.Send(mail);
        }
    }

    public class TrustAllCertificatePolicy : ICertificatePolicy
    {
        public TrustAllCertificatePolicy() { }

        public bool CheckValidationResult(
            ServicePoint sp, X509Certificate cert, WebRequest req, int problem)
        {
            return true;
        }
    }
}

I'm getting the typical certificate exception:

System.IO.IOException: The authentication or decryption has failed.
---> System.InvalidOperationException: SSL authentication error:
RemoteCertificateChainErrors
  at System.Net.Mail.SmtpClient.<SmtpClient>c__38 (System.Object
sender, System.Security.Cryptography.X509Certificates.X509Certificate
certificate, System.Security.Cryptography.X509Certificates.X509Chain
chain, SslPolicyErrors sslPolicyErrors) [0x00000]

Is there any way to do this w/o the need of importing the certificate chain?

Thanks.
-Abe
_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

On Tue, 2008-11-11 at 11:29 -0500, Abe Gillespie wrote:
> I've successfully used the ICertificatePolicy hack before to connect
> to https but this doesn't seem to work for sending Gmail.  Please see
> the following code:
[...]
>
>             // Send the message.
>             SmtpClient smtp = new SmtpClient("smtp.gmail.com");
>             smtp.EnableSsl = true;

Try adding: "smtp.Port = 587;" there. It works fine for me that way.

-Gonzalo


_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

Nope, same problem.  Are you sure you don't already have the proper
certificates installed and it would therefore succeed?

-Abe

On Tue, Nov 11, 2008 at 11:33 AM, Gonzalo Paniagua Javier
<[hidden email]> wrote: _______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

On Tue, 2008-11-11 at 11:46 -0500, Abe Gillespie wrote:
> Nope, same problem.  Are you sure you don't already have the proper
> certificates installed and it would therefore succeed?

I do have the mozilla certificates. That's why it works.
Your callback is never called on MS and is never called on Mono. So
looks like your only option for that to work is to import those
certificates into the "mono" store.

-Gonzalo


_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

Hmm ... yeah, was afraid of that.  I attempted this before but was
unsuccessful due to not importing the entire chain???  (if that's even
the correct terminology)  I admit I'm pretty ignorant on the subject.

I need to import the certs for the account on which the Mono / asp.net
process runs (the Apache account I assume); I auto-send emails when
people sign up for an account on my site and when they make purchases.
 I'm aware of this FAQ:  http://www.mono-project.com/FAQ:_Security but
are there any other resources specific to my case (sending email via
SSL from asp.net)?

Thanks for all the help.
-Abe

On Tue, Nov 11, 2008 at 12:03 PM, Gonzalo Paniagua Javier
<[hidden email]> wrote: _______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

On Tue, 2008-11-11 at 12:14 -0500, Abe Gillespie wrote:
> Hmm ... yeah, was afraid of that.  I attempted this before but was
> unsuccessful due to not importing the entire chain???  (if that's even
> the correct terminology)  I admit I'm pretty ignorant on the subject.

Look at the source code for mozroots [1] and certmgr [2] in particular
the --ssl option

[1] /mcs/tools/security/mozroots.cs
[2] /mcs/tools/security/certmgr.cs

> I need to import the certs for the account on which the Mono / asp.net
> process runs (the Apache account I assume); I auto-send emails when
> people sign up for an account on my site and when they make purchases.
>  I'm aware of this FAQ:  http://www.mono-project.com/FAQ:_Security but
> are there any other resources specific to my case (sending email via
> SSL from asp.net)?

Do something like:
(a) try sending email
(b) catch exception
(c) download using *http* (like [2]) the certificate required for the
site
(d) install them (like [1] and [2])
(e) re-send email

Sebastien

_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

For the record, these procedure got me working (you need to follow all steps):

http://go-mono.com/forums/#nabble-td19851624|a19892174

On Tue, Nov 11, 2008 at 1:12 PM, Sebastien Pouliot
<[hidden email]> wrote: _______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

Hello,

> For the record, these procedure got me working (you need to follow all steps):
>
> http://go-mono.com/forums/#nabble-td19851624|a19892174

This question keeps popping up in the forums and irc, it seems like we
need to add this to the FAQ.


_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list

On Mon, 2008-11-17 at 00:05 -0500, Miguel de Icaza wrote:
> Hello,
>
> > For the record, these procedure got me working (you need to follow all steps):
> >
> > http://go-mono.com/forums/#nabble-td19851624|a19892174
>
> This question keeps popping up in the forums and irc, it seems like we
> need to add this to the FAQ.

Added

http://www.mono-project.com/FAQ:_Security#Does_SSL_works_for_SMTP.2C_like_GMail_.3F

Sebastien

_______________________________________________
Mono-list maillist  -  [hidden email]
http://lists.ximian.com/mailman/listinfo/mono-list