certificate verifier: set validation status back to smtp class context

Question

hello,

I wrote a custom certificate verifier as described in: http://www.rebex.net/secure-mail.net/tutorial-ssl.aspx#Validating-and-examining-server-certificates

I want to accept all certificates, regardless if they are valid or not, but want to raise a warning if there is an error in certificate validation. I need to communicate the validation result (a string for ex.) back to the instance of the SMTP class where the secure socket belongs to.

is there some easy way to do this? thanks, - fritz

Answer 1

There are two things that complicate this: 1. The validation routine is invoked by TlsSocket class that is not aware of the existence of Smtp class (it is in lower-level assembly) 2. The Smtp class doesn't have any property/field to store custom strings/objects.

To overcome this, you can implement a custom class that inherits from Smtp and adds some kind of storage. Then, pass this to your custom certificate verifier.

C# sample:

    public class Smtp2 : Smtp
    {
        public string ValidationMessage {get; set; }
    }

    public class CustomCertificateVerifier : ICertificateVerifier
    {
        private readonly Smtp2 _smtp;

        public CustomCertificateVerifier(Smtp2 smtp)
        {
            _smtp = smtp;
        }

        public TlsCertificateAcceptance Verify(TlsSocket socket, string commonName, CertificateChain certificateChain)
        {
            // perform some kind of verification here

            // report a string back to the Smtp2 class
            _smtp.ValidationMessage = "Some validation result.";

            // accept everything
            return TlsCertificateAcceptance.Accept;
        }
    }

Answer 2

ok, thanks a lot, Lukas. this rang the bell. what I finally did is:

define a CCVParms class with a member which will contain the validation result.

I added to the CertificateVerifier class:

private _cvParms as CCVParms
PUBLIC SUB NEW(byval oCVParms as CCVParms)
_cvParms = oCVParms
END SUB

in the Verify function, I store the validation result in _cvParms

finally, when creating the new CustomCertificateVerifier instance, I pass an instance of the CCVParms class with adequate scope to its constructor.

in fact,I did not need the validation result as a member of the SMTP class, just needed to access the result inside the SMTP event handlers. thanks very much for your help.

btw: Lukas, I tried to add this post as a comment to your post, but this did not seem to work. so I choose to answer my own question. - fritz