Using the apple email account setup program on the iphone, I can successfully connect to an exchange server which has an invalid certificate. I am prompted that the certificate is invalid, but can select that I am happy to continue.
Using the chilkat IMAP api I would like to achieve the same effect for my own email client. Can I somehow provide an option to the imap Connect method where I can set the /novalidate-cert flag for example, or is there a better way?
asked Oct 20 '14 at 20:07
I haven't tried this myself, but the following 2 properties look interesting:
RequireSslCertVerify If 1, then the FTP2 client will verify the server's SSL certificate. The certificate is expired, or if the cert's signature is invalid, the connection is not allowed. The default value of this property is 0.
SslServerCertVerified Read-only property that returns 1 if the IMAP server's digital certificate was verified when connecting via SSL / TLS.
(Note to Chilkat - there appears to be a copy & paste error in the IMAP documentation for RequireSslCertVerify as it mentions FTP2 instead of IMAP).
I think you could set RequireSslCertVerify to 1, then attempt to connect. If the connection fails, check if the SslServerCertVerified property is 0. If so, prompt the user to confirm if they want to connect anyway. If they do want to connect, set the RequireSslCertVerify property to 0 and connect again (it should now work even with the bad certificate).
answered Oct 21 '14 at 09:00
Hi thanks for the response,
Unfortunately, i am not really having any luck - the connection appears to timeout due to a connection rejected.I can connect with the apple email client, or indeed by a web browser - I do of course get the certificate error message.
If Chilkat doesn't validate the SSL certificate by default anyway - something strange is happening with the connection rejection because I am not setting the flag to perform the validation.
CkoImap *imap = [[CkoImap alloc] init]; BOOL success; imap.KeepSessionLog = YES; imap.VerboseLogging = YES; imap.Ssl = ssl; imap.Port = [[NSNumber alloc] initWithInt:993]; imap.ConnectTimeout = [[NSNumber alloc] initWithInt:300]; success = [imap Connect:@"mail.architectusbrisbane.com.au"];
answered Oct 21 '14 at 20:11
All Chilkat client-to-server communications begin with establishing a TCP socket connection. This applies to all protocols: FTP, SSH, IMAP, SMTP, POP3, HTTP, etc. and it makes no difference whether SSL/TLS is used or not. The initial step is to establish a TCP connection (IPv4 in this case, but IPv6 is also supported), and the destination (target) is an IP address and port. If a domain name is provided, such as "mail.architecturebrisbane.com", then this is resolved to an IP address first. It all boils down to a simple call to the "connect" system call (see http://linux.die.net/man/2/connect ) If SSL/TLS or SSH is used to secure the connection, then this happens after the initial TCP connection.
If the initial connect fails, then it can be for some of the following reasons. (It is not reasonable to suspect a defect within the Chilkat code regarding the ability to establish the initial TCP connection.)
If you have other software that seems to connect to the same host:port, such as FileZilla, Outlook, the Apple Email program, PuTTY, etc., then it's likely not doing what you think it's doing. For example, maybe the program is using a proxy, or maybe the email client is using POP3 and not IMAP. My only suggestion is to look more closely at the given app to see exactly what it is doing.
answered Oct 22 '14 at 10:15