Hello,

I wrote a custom certificate verifier as described in: http://www.rebex.net/secure-mail.net/tutorial-ssl.aspx#Validating-and-examining-server-certificates

I want to accept all certificates, regardless of whether they are valid or not, but want to raise a warning if there is an error in certificate validation. I need to communicate the validation result (a string, for example) back to the instance of the SMTP class to which the secure socket belongs.

Is there some easy way to do this? Thanks, - fritz

asked 03 Sep '10, 10:19

Fritz
402
accept rate: 50%


There are two things that complicate this:

1. The validation routine is invoked by the TlsSocket class, which is not aware of the existence of the Smtp class (it is in a lower-level assembly).
2. The Smtp class doesn't have any property/field to store custom strings/objects.

To overcome this, you can implement a custom class that inherits from Smtp and adds some kind of storage. Then, pass this to your custom certificate verifier.

C# sample:

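    using Rebex.Net;
    using Rebex.Security.Certificates;

    // Smtp subclass that adds storage for the validation result
    public class Smtp2 : Smtp
    {
        public string ValidationMessage { get; set; }
    }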

    public class CustomCertificateVerifier : ICertificateVerifier
    {
        private readonly Smtp2 _smtp;

        public CustomCertificateVerifier(Smtp2 smtp)
        {
            _smtp = smtp;
        }

        public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
        {
            // perform some kind of verification here

            // report a string back to the Smtp2 class
            _smtp.ValidationMessage = "Some validation result.";

            // accept everything
            return TlsCertificateAcceptance.Accept;
        }
    }

answered 03 Sep '10, 12:18

Lukas Pokorny ♦♦
2.2k18
accept rate: 32%

OK, thanks a lot, Lukas. This rang the bell. What I finally did is:

Define a CCVParms class with a member which will contain the validation result.

I added to the CertificateVerifier class:

    Private _cvParms As CCVParms
    Public Sub New(ByVal oCVParms As CCVParms)
        _cvParms = oCVParms
    End Sub

In the Verify function, I store the validation result in _cvParms.

Finally, when creating the new CustomCertificateVerifier instance, I pass an instance of the CCVParms class with adequate scope to its constructor.

In fact, I did not need the validation result as a member of the SMTP class; I just needed to access the result inside the SMTP event handlers. Thanks very much for your help.

BTW: Lukas, I tried to add this post as a comment to your post, but this did not seem to work, so I chose to answer my own question. - fritz


answered 03 Sep '10, 14:11

Fritz
402
accept rate: 50%
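
One way to fill in the "perform some kind of verification here" step and pass the result back through a holder object, as in the two answers above. This is an added example, not code from either poster or from Rebex; `CertificateCheckOutcome` and `RecordingCertificateVerifier` are hypothetical names, and it assumes Rebex's `CertificateChain.Validate(commonName, 0)` returning a `ValidationResult` with `Valid` and `Status` members.

```csharp
using System;
using Rebex.Net;
using Rebex.Security.Certificates;

// Hypothetical holder for the outcome; plays the role of the CCVParms object.
public class CertificateCheckOutcome
{
    public bool Checked { get; set; }    // true once Verify has run
    public bool Valid { get; set; }      // true only if the chain validated
    public string Message { get; set; }  // text for the warning or log entry
}

public class RecordingCertificateVerifier : ICertificateVerifier
{
    private readonly CertificateCheckOutcome _outcome;

    public RecordingCertificateVerifier(CertificateCheckOutcome outcome)
    {
        if (outcome == null) throw new ArgumentNullException("outcome");
        _outcome = outcome;
    }

    public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
    {
        // Validate the chain against the expected host name with default options (0).
        ValidationResult result = certificateChain.Validate(commonName, 0);

        _outcome.Checked = true;
        _outcome.Valid = result.Valid;
        // Status is a flags enum; its string form lists every failed check.
        _outcome.Message = result.Valid
            ? "Server certificate is valid."
            : "Server certificate validation failed: " + result.Status;

        // Accept regardless, as the question asks; the caller reads the
        // holder after connecting and decides whether to warn or disconnect.
        return TlsCertificateAcceptance.Accept;
    }
}
```

Because this verifier accepts every certificate, a result with `Valid == false` means the server's identity is unconfirmed. Reading the holder right after connecting, before authenticating or sending mail, lets the caller show the warning or stop.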
