Self signed certificate error- Aspose Network IMAP

Hi,

Im trying to connect to an Imap server using VB.Net and Aspose Network -

Just the server uses a self signed certificate, and the application is throwing an error as below:

*****
C:\Documents and Settings\domu\Dokumenty\Visual Studio 2008\Projects\MailChecker
\MailChecker\bin\Release>MailChecker.exe
Server's certificate was rejected by the verifier because of an unknown certificate authority.
*****

The code of the application is as below :

*****
Dim imap As New Aspose.Network.Imap.ImapClient("email.fluid-rock.com", 993, myusername, mypassword)

imap.EnableSsl = True

imap.SecurityMode = Aspose.Network.Imap.ImapSslSecurityMode.Implicit

Try

imap.Connect(True)

imap.SelectFolder(ImapFolderInfo.InBox)
******


I read all documentation and I honestly dont know how to make Aspose ignore a self signed certificate, accept it and go ahead to do its job.

Any ideas to enlighten me please ?




Cheers,


Rove.

Hi Rove,

Thanks for considering Aspose.

Could you please share how you created the self signed certificate and which IMAP server are you using?

I did some tests on a trial version of MDaemon mail server, created a self signed certificate using its own built in functions and run the same code as yours. It got connected successfully and I was able to read the messages using Aspose.Network.

Please check the attached hotfix. If the certificate is signed by un-authorized authority e.g. self-signed certificate, it will ignore and connect to the Imap server.

I was actually able to repro this behavior by creating a self-signing certificate using another method.

Hi Saqib,

Sorry for thye delay in the reply, I was very busy at work and did not have a chance to reply earlier.

Thanks a million for that.

As a suggestion, the mechanism should be something similar to

imap.IgnoreCertificateError = True

For security, in some scenarios, you might need to Catch an exception if the certificate is not valid or does not match your stored certificate, to make sure neither DNS or Server have been tampered with and there is no man-in-the-middle.

Similar to the key/certificate mechanism in SSH.


Thanks million again,


Rove.

Hi Rove,

Thanks for the suggestion.

We will consider handling this scenario in future releases by adding some Unknown certificate authority checks for security purposes. The idea is to accept private certificates, if you explicitly allow them by setting a property like AllowUnKnownCA or so…