How to "fix" "The remote certificate is invalid according to the validation procedure"

Posted on 2025-01-28 08:14:07


I am going to try to send emails via MailKit but ran into problems with the error from "System.Security.Authentication.AuthenticationException" which is "The remote certificate is invalid according to the validation procedure" (translated from Danish). My mail server runs SSL/TLS and the TLS supports version 1.2 and 1.3. My code is as below. I do not hope that it is too much code - but I do not know where to enhance the code so it can handle SSL correctly :-(

The error occurs in the line "client.Connect("servername", 587, true);"

So my question is: How to avoid this error message via MailKit?

public void SendMail(string AFromMailAdr, string AFromName, string AToMailAdr, string AToName, string ASubject, string ABody)
{
    MimeMessage message = new MimeMessage();
    ...
    using (var client = new MailKit.Net.Smtp.SmtpClient())
    {
        client.Timeout = 30000;
        client.Connect("servername", 587, true);
        client.Authenticate("Username", "password");
        client.Send(message);
        client.Disconnect(true);
    }
}

I have googled a lot until now without finding the correct answer - so therefore I kindly ask here on SO.


Comments (1)

迷爱 2025-02-04 08:14:07


To be fair, the underlying problem should be checked/corrected.

You can control how MailKit does the server certificate validation using a ServerCertificateValidationCallback.

For debugging purposes you could return true; in the callback function.

Code from the MailKit documentation:

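// Namespaces needed by this snippet: System, System.Net.Security,
// System.Security.Cryptography.X509Certificates
using (var client = new MailKit.Net.Smtp.SmtpClient())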
{
    // Set our custom SSL certificate validation callback.
    client.ServerCertificateValidationCallback = MySslCertificateValidationCallback;

    client.Timeout = 30000;
    client.Connect("servername", 587, true);
    client.Authenticate("Username", "password");
    client.Send(message);
    client.Disconnect(true);
}

    static bool MySslCertificateValidationCallback (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // If there are no errors, then everything went smoothly.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // Note: MailKit will always pass the host name string as the `sender` argument.
        var host = (string) sender;

        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) {
            // This means that the remote certificate is unavailable. Notify the user and return false.
            Console.WriteLine ("The SSL certificate was not available for {0}", host);
            return false;
        }

        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) {
            // This means that the server's SSL certificate did not match the host name that we are trying to connect to.
            var certificate2 = certificate as X509Certificate2;
            var cn = certificate2 != null ? certificate2.GetNameInfo (X509NameType.SimpleName, false) : certificate.Subject;

            Console.WriteLine ("The Common Name for the SSL certificate did not match {0}. Instead, it was {1}.", host, cn);
            return false;
        }

        // The only other errors left are chain errors.
        Console.WriteLine ("The SSL certificate for the server could not be validated for the following reasons:");

        // The first element's certificate will be the server's SSL certificate (and will match the `certificate` argument)
        // while the last element in the chain will typically either be the Root Certificate Authority's certificate -or- it
        // will be a non-authoritative self-signed certificate that the server admin created. 
        foreach (var element in chain.ChainElements) {
            // Each element in the chain will have its own status list. If the status list is empty, it means that the
            // certificate itself did not contain any errors.
            if (element.ChainElementStatus.Length == 0)
                continue;

            Console.WriteLine ("\u2022 {0}", element.Certificate.Subject);
            foreach (var error in element.ChainElementStatus) {
                // `error.StatusInformation` contains a human-readable error string while `error.Status` is the corresponding enum value.
                Console.WriteLine ("\t\u2022 {0}", error.StatusInformation);
            }
        }

        return false;
    }
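
For a server with a self-signed or privately issued certificate, the callback below accepts chain errors only for one certificate whose SHA-256 fingerprint was pinned in advance, rather than returning true for everything. It is an added example, not code from the original post or the MailKit documentation. The class name, method names and fingerprint placeholder are assumptions, and it assumes a runtime that provides GetCertHashString(HashAlgorithmName) (.NET Framework 4.8 or .NET Core 2.1 and later).

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MailKit.Net.Smtp;
using MimeKit;

static class PinnedSmtp   // hypothetical helper class
{
    // Placeholder: SHA-256 fingerprint (hex) of the mail server's certificate,
    // obtained out of band from the server administrator.
    const string PinnedSha256 = "<SHA256-FINGERPRINT-HEX-PLACEHOLDER>";

    static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that passes normal validation needs no exception.
        if (errors == SslPolicyErrors.None)
            return true;

        // Never tolerate a missing certificate or a host name mismatch:
        // only "chain errors alone" may fall through to the pin check.
        if (certificate == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // Chain errors also cover expiry, so check the validity period explicitly.
        var cert2 = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
        var now = DateTime.Now;   // NotBefore/NotAfter are local times
        if (now < cert2.NotBefore || now > cert2.NotAfter)
            return false;

        // Accept solely the certificate whose fingerprint was pinned in advance.
        string actual = certificate.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    public static void Send(MimeMessage message)
    {
        using (var client = new SmtpClient())
        {
            client.ServerCertificateValidationCallback = ValidateServerCertificate;
            client.Timeout = 30000;
            client.Connect("servername", 587, true);      // connection values as on the page
            client.Authenticate("Username", "password");
            client.Send(message);
            client.Disconnect(true);
        }
    }
}
```

With the placeholder left in place the pin never matches, so the connection fails closed until a real fingerprint is configured.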