Testing Secure Email

I have implemented both SMTP and POP3 to send and receive emails using SSL. However, I don't know how to go about testing them, as Gmail, for instance, will always return a valid certificate. I need to prove to a customer that this component works as expected by demonstrating that an expired certificate, for instance, will throw an exception in the callback function. What is the best way to test this functionality? Maybe I need to create my own test environment using Exchange and configuring it to use an invalid certificate?

The other scenario I have is that attaching my own expired certificate when sending email via SMTP to Gmail does not cause Gmail to complain, and it always lets me send regardless of what certificate I have attached. Why does Gmail do this, and how do I get around this in order to test what happens when sending with an invalid certificate?

Hi Martin,

Thank you for your inquiry.

You can use the sample code for remote server certificate validation as shown below for this purpose. In order to prove this, set the return value of the method to false and then try connecting to the Exchange server. It shall raise an exception.

Code:

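using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// This event handler is called when the server's SSL certificate is validated
private static bool RemoteCertificateValidationHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Returning false rejects the certificate, so the connection attempt fails;
    // returning true accepts it regardless of sslPolicyErrors.
    return false;
}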

For SmtpClient, you can use the same method with the following sample code. The SSLExplicit requires the validation to be True, which we have set to false in our case, and hence the code raises an exception.

Code:

SmtpClient client = new SmtpClient("smtp.gmail.com", 587, "username", "password", SecurityOptions.SSLExplicit);

MailMessage message = new MailMessage(
    "username@gmail.com",
    "to@gmail.com",
    "EMAILNET - " + Guid.NewGuid().ToString(),
    "");
client.Send(message);
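
For the original question of how to exercise the callback without Gmail or Exchange, here is an added example (not from the thread or the vendor): a loopback TLS server presents a self-signed certificate that is generated already expired, and a client SslStream uses a callback with the same signature as the handler above. It assumes .NET 6 or later; the type and member names are hypothetical, and it uses SslStream directly rather than the mail component.

```csharp
// Added example, not from the thread; type and member names are hypothetical.
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
static class ExpiredCertificateTest
{
    static bool sawExpired;
    // Callback under test: records whether expiry was reported and rejects on any policy error.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        sawExpired = chain != null && chain.ChainStatus.Any(s => s.Status.HasFlag(X509ChainStatusFlags.NotTimeValid));
        return errors == SslPolicyErrors.None;
    }
    static async Task Main()
    {
        // Constructed test certificate: self-signed, validity ended yesterday.
        using var key = RSA.Create(2048);
        var request = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var generated = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-30), DateTimeOffset.UtcNow.AddDays(-1));
        // Re-import from PFX so SslStream can also use the private key on Windows.
        using var serverCert = new X509Certificate2(generated.Export(X509ContentType.Pfx));
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0 = any free port
        listener.Start();
        var server = Task.Run(async () =>
        {
            using var tcp = await listener.AcceptTcpClientAsync();
            using var serverTls = new SslStream(tcp.GetStream());
            try { await serverTls.AuthenticateAsServerAsync(serverCert); }
            catch (Exception) { /* expected: the client aborts the handshake */ }
        });
        bool rejected = false;
        using (var client = new TcpClient())
        {
            await client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
            using var clientTls = new SslStream(client.GetStream(), false, Validate);
            try { await clientTls.AuthenticateAsClientAsync("localhost"); }
            catch (AuthenticationException) { rejected = true; }
        } // closing the client socket lets the server task finish
        await server;
        listener.Stop();
        Console.WriteLine(rejected && sawExpired ? "PASS: expired certificate rejected" : "FAIL");
    }
}
```

Because a self-signed certificate also fails as an untrusted root, the check looks for the NotTimeValid chain status rather than relying on rejection alone.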