On Sat, 2010-07-10 at 13:44 -0400, Abe Gillespie wrote: > sberryman, Jan, > > Thanks for the help, guys. I did try this as I've used this > work-around before and I *thought* it wasn't working as well. But I > just had another try and it worked fine. > > Now, is there a safe way to implement this work-around?
Not really - otherwise there would be no gain (just pain) in verifying the certificate chain ;-) > I'm not much > of a security wonk, so what can I check in the cert to accept only > Google's? I see properties like Issuer, Thumbprint, and > GetRawCertData. > Can I use any of these to verify, or at least do > slightly more than "return true" for all certs? You can check the thumbprint (it's a hash) but that will stop working when Google updates its certificate or if it use more than one certificate (e.g. on different servers). Now (from the bug report) it looks like you have permission issues when executing code from apache (likely it can't read the certificates). See my comment there... > Thanks. > -Abe > > On Fri, Jul 9, 2010 at 10:06 PM, sberryman <[email protected]> wrote: > > > > You could always use the ServicePointManager to accept all SSL certs. > > Security risk but I've used it in the past when I've had problems with Mono > > and SSL certs. > > > > Simply add the following delegate before you send the email. > > > > ServicePointManager.ServerCertificateValidationCallback = delegate(object > > sender, System.Security.Cryptography.X509Certificates.X509Certificate > > certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, > > System.Net.Security.SslPolicyErrors sslPolicyErrors) > > { > > return true; > > }; > > > > -- > > View this message in context: > > http://mono.1490590.n4.nabble.com/Preview-2-6-6-tp2279971p2284277.html > > Sent from the Mono - General mailing list archive at Nabble.com. > > _______________________________________________ > > Mono-list maillist - [email protected] > > http://lists.ximian.com/mailman/listinfo/mono-list > > > _______________________________________________ > Mono-list maillist - [email protected] > http://lists.ximian.com/mailman/listinfo/mono-list _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
