[jira] [Commented] (LOG4NET-315) SmtpAppender - Add support for ignoring certificate errors

[Jim Scott (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/LOG4NET-315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136036#comment-13136036
 ] 

Jim Scott commented on LOG4NET-315:
-----------------------------------

I did some testing today and my above suggestion will not work as I was 
expecting it to. By setting the callback method on 
ServicePointManager.ServerCertificateValidationCallback you effectively 
disable/enable SSL validation for the entire application. 

So given that is the case it would be simpler to override the need for SSL 
validation in your app.config or web.config 

This also means by previous mentioned approach is invalid. Would still be great 
if we could figure out a way to disable certificate validation for just the 
request interested in making.


Here is how it is done at the application level.

 <system.net>
    <settings>
      <!-- Allows for the SSL Certificate to be self-signed or invalid.  -->
      <servicePointManager checkCertificateName="false" />
    </settings>
  </system.net>


                
> SmtpAppender - Add support for ignoring certificate errors
> ----------------------------------------------------------
>
>                 Key: LOG4NET-315
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-315
>             Project: Log4net
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 1.2.11
>            Reporter: Jim Scott
>            Priority: Minor
>             Fix For: 1.2.12
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> As of 1.2.11 the SmtpAppender now has support for enabling smtp connections 
> to use SSL. It is pretty common to have an SMTP server that is using a 
> Self-Signed certificate which will fail the certificate validation. While you 
> can override the certificate error on an application level to overcome this 
> you might want to limit the ignoring of the certificate error just to the 
> appender.
> Proposed Changes
> Add property that allows one to indicate they wish to ignore certificate 
> failures.
> DisableCertificateValidation
> Add a line like this to SendBuffer method
> ServicePointManager.ServerCertificateValidationCallback += new 
> RemoteCertificateValidationCallback(ValidateRemoteCertificate);
> Then create a call back method like so
> private bool ValidateRemoteCertificate(object sender, 
>                       X509Certificate certificate, 
>                       X509Chain chain, 
>                       SslPolicyErrors policyErrors)
> {
>       if(DisableCertificateValidation) return true;
>       
>       return policyErrors == null;
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira