automatically validate/accept server certificate

0 votes
asked May 25, 2011 by martin (1,010 points)
edited May 25, 2011

Hello, in our non-GUI application we want to use explicit security on an IMAP connection. The validation of the server certificate should be done in hidden mode, without knowing the hostname to be set to the TlsParameters.CommonName property. Is this possible and how? At the moment we always get an error when using the CertificateRequestHandler.StoreSearch:

Error: Server certificate was rejected by the verifier because the certificate's common name '*.genotec.ch' does not match the hostname 'mail.myfactoryschweiz.ch'

Applies to: Rebex Secure Mail

1 Answer

+1 vote
answered May 25, 2011 by Lukas Matyska (47,950 points)
edited May 25, 2011
 
Best answer

The simplest way for this case is to write an ICertificateVerifier implementation which ignores the HostName/CommonName as follows:

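public class MyCertificateVerifier : ICertificateVerifier
{
    public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
    {
        // null is passed in place of commonName, so the default verifier
        // performs no hostname/common name comparison for this connection.
        return CertificateVerifier.Default.Verify(socket, null, certificateChain);
    }
}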

Sample of use with the Imap object follows:

TlsParameters parameters = new TlsParameters();
parameters.CertificateVerifier = new MyCertificateVerifier();

Imap client = new Imap();
client.Connect("mail.myfactoryschweiz.ch", Imap.DefaultPort, parameters, ImapSecurity.Explicit);
...
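Passing null removes the name check entirely, so any certificate the default verifier otherwise accepts will pass regardless of which server presents it. The following added example (not part of the original answer and not Rebex's own code) keeps the name check but compares against the name each server's certificate is expected to carry. Assumptions: the `commonName` argument is the hostname the client connected to, the default verifier's wildcard matching accepts `mail.genotec.ch` for `*.genotec.ch`, and the class name, `Map` method and `mail.genotec.ch` are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using Rebex.Net;
using Rebex.Security.Certificates;

// Added example: verifies the certificate against a per-host expected name
// instead of skipping the name check.
public class MappedNameCertificateVerifier : ICertificateVerifier
{
    // Hostname we connect to -> name the server certificate must match.
    private readonly Dictionary<string, string> _expectedNames =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public void Map(string connectHost, string certificateName)
    {
        if (connectHost == null) throw new ArgumentNullException("connectHost");
        if (certificateName == null) throw new ArgumentNullException("certificateName");
        _expectedNames[connectHost] = certificateName;
    }

    public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
    {
        // Fail closed: never fall through to a null (unchecked) name.
        if (commonName == null) throw new ArgumentNullException("commonName");

        string expected;
        if (!_expectedNames.TryGetValue(commonName, out expected))
            expected = commonName; // no mapping: strict check against the connected host

        return CertificateVerifier.Default.Verify(socket, expected, certificateChain);
    }
}

public static class MappedVerifierUsage
{
    public static TlsParameters BuildParameters()
    {
        MappedNameCertificateVerifier verifier = new MappedNameCertificateVerifier();
        // Alias from the question mapped to a constructed name under the
        // provider's '*.genotec.ch' wildcard.
        verifier.Map("mail.myfactoryschweiz.ch", "mail.genotec.ch");

        TlsParameters parameters = new TlsParameters();
        parameters.CertificateVerifier = verifier;
        return parameters;
    }
}
```

The returned `TlsParameters` is passed to `client.Connect` exactly as in the sample above; hosts without a mapping are still checked against the hostname used to connect.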