Mailkit IMapClient 未命中 ServerCertificateValidationCallback 和 SslHandshakeException
Mailkit IMapClient not hitting ServerCertificateValidationCallback & SslHandshakeException
我正在尝试在 Windows Server 2019 计算机上使用以下代码连接到 IMAP 服务器:
using (var client = new ImapClient(new ProtocolLogger("protocol.log")))
{
var address = EnvReader.GetStringValue("EMAIL_ADDRESS");
var password = EnvReader.GetStringValue("EMAIL_PASSWORD");
var creds = new NetworkCredential(address, password);
client.CheckCertificateRevocation = false;
client.ServerCertificateValidationCallback = (s, c, h, e) =>
{
Console.WriteLine("ALL UP IN THIS CALLBACK" + e.ToString());
return true;
};
client.Connect("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);
client.Authenticate(address, password);
}
在我的 Mac 上,此代码运行得非常好,我可以连接并随后进行身份验证。
在 Windows 机器上我收到以下异常:
MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.
5. The set of SSL/TLS protocols supported by the client and server do not match.
6. You are trying to connect to a port which does not support SSL/TLS.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions
根据链接的常见问题解答中的信息,我添加了 ServerCertificateValidationCallback,但是从未命中回调(仍然抛出前面提到的异常,从未发生相关的控制台日志记录,并且从未命中回调中的断点在调试时)。
根据我的阅读,ServerCertificateValidationCallback 应该处理异常消息提到的情况 #1-4。我可以在 Mac 上的指定端口上进行连接这一事实似乎排除了案例 #6(我还尝试了端口 143 + SecureSocketOptions.StartTls)。剩下案例 #5,但是,我找不到任何表明 Windows Server 2019 无法处理 SSL/TSL 协议的信息。
对于 a) 处理此异常 and/or b) 找出 ServerCertificateValidationCallback 未触发的原因的任何想法将不胜感激。
编辑:我的项目引用了 .NET 5.0
让我们来看看每一种可能性:
- The server is using a self-signed certificate which cannot be verified.
outlook。office365.com 不会使用自签名证书,因此在这种情况下这不是问题。
- The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
这个很有可能,但 ServerCertificateValidationCallback 覆盖应该覆盖这个失败。但是,它没有被击中...所以它实际上并没有绕过这个潜在的错误。
- A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
这将被 client.CheckCertificateRevocation = false;
否定
- The certificate presented by the server is expired or invalid.
事实并非如此,因为证书要到 2022 年 1 月 21 日才会过期。
- The set of SSL/TLS protocols supported by the client and server do not match.
服务器至少支持 TLSv1.2,这是 MailKit 在所有目标框架版本(.NET 4.5 -> 5.0 + netstandard2.x 中)支持的默认 TLS 协议版本。
- You are trying to connect to a port which does not support SSL/TLS.
端口 993
是正确的端口,SslOnConnect
是正确的选项,所以这不是问题所在。
假设 MailKit 的 SslStream.AuthenticateAsClientAsync() 调用中没有错误传入验证回调方法(.NET 5.0 与其他版本不同),那么 InnerException
是什么?也许这会提供一些见解。
我正在尝试在 Windows Server 2019 计算机上使用以下代码连接到 IMAP 服务器:
using (var client = new ImapClient(new ProtocolLogger("protocol.log")))
{
var address = EnvReader.GetStringValue("EMAIL_ADDRESS");
var password = EnvReader.GetStringValue("EMAIL_PASSWORD");
var creds = new NetworkCredential(address, password);
client.CheckCertificateRevocation = false;
client.ServerCertificateValidationCallback = (s, c, h, e) =>
{
Console.WriteLine("ALL UP IN THIS CALLBACK" + e.ToString());
return true;
};
client.Connect("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);
client.Authenticate(address, password);
}
在我的 Mac 上,此代码运行得非常好,我可以连接并随后进行身份验证。
在 Windows 机器上我收到以下异常:
MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.
This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of
the following reasons:
1. The server is using a self-signed certificate which cannot be verified.
2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
4. The certificate presented by the server is expired or invalid.
5. The set of SSL/TLS protocols supported by the client and server do not match.
6. You are trying to connect to a port which does not support SSL/TLS.
See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException for possible solutions
根据链接的常见问题解答中的信息,我添加了 ServerCertificateValidationCallback,但是从未命中回调(仍然抛出前面提到的异常,从未发生相关的控制台日志记录,并且从未命中回调中的断点在调试时)。
根据我的阅读,ServerCertificateValidationCallback 应该处理异常消息提到的情况 #1-4。我可以在 Mac 上的指定端口上进行连接这一事实似乎排除了案例 #6(我还尝试了端口 143 + SecureSocketOptions.StartTls)。剩下案例 #5,但是,我找不到任何表明 Windows Server 2019 无法处理 SSL/TSL 协议的信息。
对于 a) 处理此异常 and/or b) 找出 ServerCertificateValidationCallback 未触发的原因的任何想法将不胜感激。
编辑:我的项目引用了 .NET 5.0
让我们来看看每一种可能性:
- The server is using a self-signed certificate which cannot be verified.
outlook。office365.com 不会使用自签名证书,因此在这种情况下这不是问题。
- The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
这个很有可能,但 ServerCertificateValidationCallback 覆盖应该覆盖这个失败。但是,它没有被击中...所以它实际上并没有绕过这个潜在的错误。
- A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
这将被 client.CheckCertificateRevocation = false;
- The certificate presented by the server is expired or invalid.
事实并非如此,因为证书要到 2022 年 1 月 21 日才会过期。
- The set of SSL/TLS protocols supported by the client and server do not match.
服务器至少支持 TLSv1.2,这是 MailKit 在所有目标框架版本(.NET 4.5 -> 5.0 + netstandard2.x 中)支持的默认 TLS 协议版本。
- You are trying to connect to a port which does not support SSL/TLS.
端口 993
是正确的端口,SslOnConnect
是正确的选项,所以这不是问题所在。
假设 MailKit 的 SslStream.AuthenticateAsClientAsync() 调用中没有错误传入验证回调方法(.NET 5.0 与其他版本不同),那么 InnerException
是什么?也许这会提供一些见解。