0
votes

I am trying to access Gmail's SMTP service from an ASP.NET MVC site running under Mono 2.4.2.3. But I keep getting this error:

System.InvalidOperationException: SSL authentication error: RemoteCertificateChainErrors
  at System.Net.Mail.SmtpClient.m__3 (System.Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors sslPolicyErrors) [0x00000] 
  at System.Net.Security.SslStream+c__AnonStorey9.m__9 (System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Int32[] certErrors) [0x00000] 
  at Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] 
  at Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] 
  at Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] certificateErrors) [0x00000] 
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] 
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] 
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] 
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] 
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] 

I have installed certificates using:

certmgr -ssl -m smtps://smtp.gmail.com:465

with this output:

Mono Certificate Manager - version 2.4.2.3
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


 X.509 Certificate v3
   Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
   Issued to:   C=US, O=Google Inc, CN=Google Internet Authority
   Valid from:  06/08/2009 20:43:27
   Valid until: 06/07/2013 19:43:27
   *** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?yes

 X.509 Certificate v3
   Issued from: C=US, O=Google Inc, CN=Google Internet Authority
   Issued to:   C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
   Valid from:  04/22/2010 20:02:45
   Valid until: 04/22/2011 20:12:45
Import this certificate into the AddressBook store ?yes

2 certificates added to the stores.

In fact, this worked for a month but mysteriously stopped working on May 5.

I installed these new certs today, but I am still getting these errors.

3
Can you determine the value of the sslPolicyErrors argument?dtb
@dtb good thought. That code is in a library so it's hard to debug, but I'll certainly try. Maybe a StackTrace would reveal it?Frank Krueger

3 Answers

1
votes

It broke my web project too, but luckily it was before we went live. It was working great before then. I tried to upgrade to a custom built 2.6, but there were more regressions.

ServicePointManager.ServerCertificateValidationCallback didn't work in 2.4 as it threw a NotImplemented exception.

I temporarily got around it by using: http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/ A hackaround for sure, but no code was written (that would be in use anyway).

0
votes

My setup was working correctly just like yours an then it stopped working out of no where, so I knew that the code was fine just the permissions.

This what I did to get it working again.

sudo apt-get install ca-certificates