serilog / serilog-sinks-email

A Serilog sink that writes events to SMTP email
Apache License 2.0

Adding ServerCertificateValidationCallback Option #39

Closed Harmonickey closed 6 years ago

Harmonickey commented 6 years ago

I would like to include the option to add the callback which is already checked in OpenConnectedSmtpClient(). The calling code would be able to have something like this to make sure that even default Exchange setups work.

private bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    // if there are errors in the certificate chain, look at each error to determine the cause.
    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0 || (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
    {
        if (chain != null && chain.ChainStatus != null)
        {
            foreach (var status in chain.ChainStatus)
            {
                if ((certificate.Subject == certificate.Issuer) && (status.Status == X509ChainStatusFlags.UntrustedRoot))
                {
                    // self-signed certificates with an untrusted root are valid. 
                    continue;
                }
                else if (status.Status != X509ChainStatusFlags.NoError)
                {
                    // if there are any other errors in the certificate chain, the certificate is invalid,
                    // so the method returns false.
                    return false;
                }
            }
        }

        // When processing reaches this line, the only errors in the certificate chain are 
        // untrusted root errors for self-signed certificates. These certificates are valid
        // for default Exchange server installations, so return true.
        return true;
    }

    return false;
}

Reference Callback Solution for Calling Code: https://github.com/jstedfast/MailKit/issues/307#issuecomment-191860617

Reference #37
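For comparison, an added example (not part of the original issue or the sink's own code): a validation callback that, rather than accepting any self-signed certificate, accepts only the single certificate whose SHA-256 hash was recorded in advance. The class name `PinnedSmtpCertificate` and the `ExpectedSha256` placeholder are assumptions for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedSmtpCertificate
{
    // Placeholder (assumption): hex SHA-256 of the mail server's DER-encoded
    // certificate, obtained out of band. Until replaced, nothing matches and
    // the callback fails closed.
    private const string ExpectedSha256 = "<SHA-256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that passes normal validation needs no exception.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate was presented, so there is nothing to pin against.
        if (certificate == null ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // Pinning bypasses chain building, so check the validity period here.
        // NotBefore and NotAfter are returned in local time.
        var cert2 = new X509Certificate2(certificate);
        DateTime now = DateTime.Now;
        if (now < cert2.NotBefore || now > cert2.NotAfter)
            return false;

        // Hash the exact bytes the server sent and compare with the pin.
        byte[] hash;
        using (var sha256 = SHA256.Create())
        {
            hash = sha256.ComputeHash(certificate.GetRawCertData());
        }
        string actual = BitConverter.ToString(hash).Replace("-", "");

        // Any other certificate is rejected, self-signed or not, so a
        // name mismatch or untrusted root is tolerated only for the pin.
        return string.Equals(actual, ExpectedSha256,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

The method has the `RemoteCertificateValidationCallback` signature, so it can be supplied wherever the callback above would be; the pin has to be updated whenever the server certificate is renewed.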

Harmonickey commented 6 years ago

This functionality is already in dev