Authenticate as SSL client failed. You might be connecting to non SSL port

+1 vote

You helped me with an issue I had before with your Mail.dll file, hopefully you can help me with this issue.

We use your Mail.dll on both Windows and Linux (under MONO). Under Windows, everything is fine. Under MONO, when we are setup to use Gmail, we cannot receive any messages. We can send ok, so I know the username/password are correct. When we attempt to get messages we get the error: (from the catch below)

"Authenticate as SSL client failed. You might be connecting to non SSL port".

Here is the code where it fails:

Try
    imap = New Imap
    imap.ConnectSSL("imap.gmail.com", 993)   ' for gmail
    imap.Login(gGmailUser, gGmailPass)
Catch ex As Exception
    WriteMon("Error", "Unable to log into Gmail server: " & ex.Message)
    CloseConnection()
    Return False
End Try

And the inner exception is:

---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate
received from server. at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.LocalValidation
(Mono.Security.Protocol.Tls.ClientContext context, AlertDescription
description) [0x00000] in :0 at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates
(Mono.Security.X509.X509CertificateCollection certificates [0x00000]
in :0 at
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1
() [0x00000] in :0 at
Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
[0x00000] in :0

Hopefully there is a simple fix!

by

1 Answer

0 votes
 
Best answer

Usually this error means that you are using incorrect port. For example you use ConnectSSL method and non SSL port like 143.

In most cases simply removing port and allowing Mail.dll to use default settings is enough.

This situation is different however, port 993 is a correct port for IMAP over SSL. So although you don't need to specify that, it is not a problem.

Most likely you are missing root certificates. Remember to import them:

mozroots --import --ask-remove

Note that if you are using a web application (i.e. not the current user) you must add the --machine option like this:

mozroots --import --ask-remove --machine

Next you need to import the intermediate certificates. You can do this by using the certmgr tool to connect to the SSL server. E.g.

certmgr -ssl smtps://smtp.gmail.com:465

(http://www.mono-project.com/docs/faq/security/)

by (301k points)
...