0 votes
by (990 points)
edited

Hello, in our non-GUI application we want to use explicit security on an IMAP connection. The validation of the server certificate should be done in hidden mode, without knowing the hostname to be set to the TlsParameters.CommonName property. Is this possible, and how? At the moment we always get an error when using the CertificateRequestHandler.StoreSearch.

Error: Server certificate was rejected by the verifier because the certificate's common name '*.genotec.ch' does not match the hostname 'mail.myfactoryschweiz.ch'

Applies to: Rebex Secure Mail

1 Answer

+1 vote
by (62.7k points)
edited
 
Best answer

The simplest way for this case is to write an ICertificateVerifier implementation which ignores the HostName/CommonName as follows:

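using Rebex.Net;
using Rebex.Security.Certificates;

public class MyCertificateVerifier : ICertificateVerifier
{
    public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
    {
        // Passing null instead of commonName skips the hostname comparison;
        // the certificate chain itself is still validated by the default verifier.
        return CertificateVerifier.Default.Verify(socket, null, certificateChain);
    }
}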

Sample of use with the Imap object follows:

TlsParameters parameters = new TlsParameters();
parameters.CertificateVerifier = new MyCertificateVerifier();

Imap client = new Imap();
client.Connect("mail.myfactoryschweiz.ch", Imap.DefaultPort, parameters, ImapSecurity.Explicit);
...
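
With the verifier above, any certificate that chains to a trusted authority is accepted, whatever name it was issued for. The following added example (not part of the original answer and not Rebex's own code) keeps the same chain validation but then accepts only certificate names configured in advance, using the '*.genotec.ch' name from the error message in the question. Assumptions: the class names are hypothetical, and `CertificateChain.LeafCertificate`, `Certificate.GetCommonName()` and the `TlsCertificateAcceptance.Accept` / `CommonNameMismatch` members are used as I understand the Rebex API, so check them against the installed version.

```csharp
using System;
using System.Collections.Generic;
using Rebex.Net;
using Rebex.Security.Certificates;

// Hypothetical class name; added example, not Rebex's or the answerer's code.
public class AllowListCertificateVerifier : ICertificateVerifier
{
    private readonly HashSet<string> _allowedNames;

    public AllowListCertificateVerifier(IEnumerable<string> allowedNames)
    {
        // Certificate names are compared case-insensitively.
        _allowedNames = new HashSet<string>(allowedNames, StringComparer.OrdinalIgnoreCase);
    }

    public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
    {
        // Step 1: chain, validity and trust checks without the hostname comparison, as in the answer above.
        TlsCertificateAcceptance result = CertificateVerifier.Default.Verify(socket, null, certificateChain);
        if (result != TlsCertificateAcceptance.Accept)
            return result;

        // Step 2: the name the server certificate was actually issued for
        // (LeafCertificate/GetCommonName: assumed Rebex members, see lead-in).
        string presentedName = certificateChain.LeafCertificate.GetCommonName();

        // Step 3: accept only names configured in advance; anything else is a mismatch.
        if (presentedName != null && _allowedNames.Contains(presentedName))
            return TlsCertificateAcceptance.Accept;
        return TlsCertificateAcceptance.CommonNameMismatch;
    }
}

public static class Example
{
    public static Imap ConnectWithAllowList()
    {
        TlsParameters parameters = new TlsParameters();
        // '*.genotec.ch' is the certificate name from the error message in the question.
        parameters.CertificateVerifier = new AllowListCertificateVerifier(new[] { "*.genotec.ch" });

        Imap client = new Imap();
        client.Connect("mail.myfactoryschweiz.ch", Imap.DefaultPort, parameters, ImapSecurity.Explicit);
        return client;
    }
}
```

The comparison covers only the certificate's common name, so a server whose expected name appears solely in the subject alternative names would be rejected by this example.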