login about faq

Using the apple email account setup program on the iphone, I can successfully connect to an exchange server which has an invalid certificate. I am prompted that the certificate is invalid, but can select that I am happy to continue.

Using the chilkat IMAP api I would like to achieve the same effect for my own email client. Can I somehow provide an option to the imap Connect method where I can set the /novalidate-cert flag for example, or is there a better way?

asked Oct 20 '14 at 20:07

Mark1973's gravatar image


I haven't tried this myself, but the following 2 properties look interesting:

RequireSslCertVerify If 1, then the FTP2 client will verify the server's SSL certificate. The certificate is expired, or if the cert's signature is invalid, the connection is not allowed. The default value of this property is 0.

SslServerCertVerified Read-only property that returns 1 if the IMAP server's digital certificate was verified when connecting via SSL / TLS.

(Note to Chilkat - there appears to be a copy & paste error in the IMAP documentation for RequireSslCertVerify as it mentions FTP2 instead of IMAP).

I think you could set RequireSslCertVerify to 1, then attempt to connect. If the connection fails, check if the SslServerCertVerified property is 0. If so, prompt the user to confirm if they want to connect anyway. If they do want to connect, set the RequireSslCertVerify property to 0 and connect again (it should now work even with the bad certificate).


answered Oct 21 '14 at 09:00

jpbro's gravatar image

jpbro ♦

Thanks! Yes, by default Chilkat will not verify the SSL server certificate. An application should explicitly set RequireSslCertVerify to enforce server certificate verification if desired.

(Oct 21 '14 at 09:17) chilkat ♦♦

Hi thanks for the response,

Unfortunately, i am not really having any luck - the connection appears to timeout due to a connection rejected.I can connect with the apple email client, or indeed by a web browser - I do of course get the certificate error message.

If Chilkat doesn't validate the SSL certificate by default anyway - something strange is happening with the connection rejection because I am not setting the flag to perform the validation.

CkoImap *imap = [[CkoImap alloc] init];
    BOOL success;
    imap.KeepSessionLog = YES;
    imap.VerboseLogging = YES;
    imap.Ssl = ssl;
    imap.Port = [[NSNumber alloc] initWithInt:993];
    imap.ConnectTimeout = [[NSNumber alloc] initWithInt:300];
    success = [imap Connect:@"mail.architectusbrisbane.com.au"];

ChilkatLog: Connect_Imap(75436ms): DllDate: Oct 2 2014 ChilkatVersion: Architecture: Little Endian; 64-bit Language: IOS Objective-C VerboseLogging: 1 connectToImapServer(75436ms): hostname: mail.architectusbrisbane.com.au port: 993 socket2Connect(75436ms): connect2(75436ms): hostname: mail.architectusbrisbane.com.au port: 993 ssl: 1 connectImplicitSsl(75436ms): connectSocket(75436ms): domainOrIpAddress: mail.architectusbrisbane.com.au port: 993 connectTimeoutMs: 300000 connect_ipv6_or_ipv4(75436ms): Single-threaded domain to IP address resolution AddrInfoList: AddrInfo: ai_flags: 0 ai_family: 2 ai_socktype: 1 ai_protocol: 6 ai_addrlen: 16 ai_canonname: (NULL) --AddrInfo --AddrInfoList connecting to IPV4 address... ipAddress: connect(75265ms): Waiting for the connect to complete... getsockopt indicates an error. socketErrno: 60 socketError: Operation timed out --connect --connect_ipv6_or_ipv4 --connectSocket pmConnect failed. --connectImplicitSsl ConnectFailReason: Connection rejected --connect2 --socket2Connect failReason: 7 --connectToImapServer connect failed. --Connect_Imap --ChilkatLog


answered Oct 21 '14 at 20:11

Mark1973's gravatar image



This error has to do with establishing the TCP/IP socket connection. Most likely, the server at "mail.architecturebrisbane.com.au" is not listening at port 993, or a firewall, anti-virus, etc, is blocking the connection. The server certificate validation does not come into play until later -- until after the TCP connection is made and the TLS handshake is in progress.

(Oct 21 '14 at 20:25) chilkat ♦♦

I also tried connecting to the server at port 993 using telnet,and it failed with a timeout. Maybe your server is using a non-standard port? If so, try setting the Port property of the ChilkatImap object to the non-standard port #.

(Oct 21 '14 at 20:33) jpbro ♦

using open_ssl I cannot connect to this exchange server - however I can connect to another exchange server which I found instructions for on the internet.

It seems to be the case that the exchange server is perhaps rejecting the connection, or indeed listing on a different port. This leaves me with the question - how is the apple email program managing to connect to it - is there perhaps another technology it can use - I do notice that some documents refer to imap/pop/exchange.


(Oct 22 '14 at 02:14) Mark1973

All Chilkat client-to-server communications begin with establishing a TCP socket connection. This applies to all protocols: FTP, SSH, IMAP, SMTP, POP3, HTTP, etc. and it makes no difference whether SSL/TLS is used or not. The initial step is to establish a TCP connection (IPv4 in this case, but IPv6 is also supported), and the destination (target) is an IP address and port. If a domain name is provided, such as "mail.architecturebrisbane.com", then this is resolved to an IP address first. It all boils down to a simple call to the "connect" system call (see http://linux.die.net/man/2/connect ) If SSL/TLS or SSH is used to secure the connection, then this happens after the initial TCP connection.

If the initial connect fails, then it can be for some of the following reasons. (It is not reasonable to suspect a defect within the Chilkat code regarding the ability to establish the initial TCP connection.)

  1. No server is listening at the remote host:port.
  2. A firewall, either software or hardware, located on either the client or server-side, is blocking the connection. Software firewalls can allow "known programs" access, but block others.
  3. Anti-virus can block connections.

If you have other software that seems to connect to the same host:port, such as FileZilla, Outlook, the Apple Email program, PuTTY, etc., then it's likely not doing what you think it's doing. For example, maybe the program is using a proxy, or maybe the email client is using POP3 and not IMAP. My only suggestion is to look more closely at the given app to see exactly what it is doing.


answered Oct 22 '14 at 10:15

chilkat's gravatar image

chilkat ♦♦

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Oct 20 '14 at 20:07

Seen: 1,910 times

Last updated: Oct 22 '14 at 10:15

powered by OSQA