Login/Register
authentication or decryption has failed when sending mail to GMail using SSL
Asked Answered
Solved c#emailmonogmail
R

7

10

I'm referring to this guide on C# SMTP mail.

Here is my code:

MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail";
mail.Body = "This is for testing SMTP mail from GMAIL";
SmtpServer.Port = 587;
SmtpServer.Credentials = new System.Net.NetworkCredential("MyUserNameInGmail", "MyGmailPassWord");
SmtpServer.EnableSsl = true;

SmtpServer.Send(mail);

Unfortunately, there's an exception regarding SSL and I can't fix it:

Unhandled Exception: System.Net.Mail.SmtpException: Message could not be sent. ---> System.IO.IOException: The authentication or decryption has failed. ---> System.InvalidOperationException: SSL authentication error: RemoteCertificateNotAvailable, RemoteCertificateChainErrors at System.Net.Mail.SmtpClient.m__4 (System.Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors sslPolicyErrors) [0x00000] in :0 at System.Net.Security.SslStream+c__AnonStorey7.<>m__A (System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Int32[] certErrors) [0x00000] in :0
at Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] in :0
at Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] in :0
at Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] certificateErrors) [0x00000] in :0 at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in :0 at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in :0
at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in :0
at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in :0 at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception stack trace --- at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in :0 --- End of inner exception stack trace --- at System.Net.Mail.SmtpClient.Send (System.Net.Mail.MailMessage message) [0x00000] in :0
at csharpdungeon.MainClass.Main () [0x00000] in :0

Ruching answered 10/11, 2010 at 19:2 Comment(1)
someone already implemented sending via gmail (#32760)Ensign
A
14

The correct solution is not to remove SSL Certificate Validation. GMail has a valid certificate. The problem is that Mono can't seem to find the certificate.

This is completely wrong for so many reasons, but mainly because it removes a very important certificate validation:

ServicePointManager.ServerCertificateValidationCallback = 
            delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) 
                { return true; };

The correct solution is to install the certificate in your machine:

mozroots --import --ask-remove --machine
certmgr -ssl smtps://smtp.gmail.com:465

This will effectively download the certificate for gmail and it will make it available for mono to use.

Aspect answered 17/8, 2013 at 16:16 Comment(3)
Is there any way to import the certificates as we go ? I am writing a crawler, and I need to import the certificates to the mono store as I reach them.Cahoot
Will certmgr -ssl smtps://smtp.gmail.com:465 blindly allow whatever certificate it receives - and expose it to a MITM problem?Gas
@TonoNam I know it's late, but now it isRuching
B
23

Check if code below would work for you; I've tested it on my gmail account and it seem to work fine with my mono 2.0 running on ubuntu 10.04LTS

using System;
using System.Net;
using System.Net.Mail;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

namespace mono_gmail
{
    class MainClass
    {
        public static void Main (string[] args)
        {
            MailMessage mail = new MailMessage();

            mail.From = new MailAddress("[email protected]");
            mail.To.Add("[email protected]");
            mail.Subject = "Test Mail";
            mail.Body = "This is for testing SMTP mail from GMAIL";

            SmtpClient smtpServer = new SmtpClient("smtp.gmail.com");
            smtpServer.Port = 587;
            smtpServer.Credentials = new System.Net.NetworkCredential("my.name", "my.password");
            smtpServer.EnableSsl = true;
            ServicePointManager.ServerCertificateValidationCallback = 
                delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) 
                    { return true; };
            smtpServer.Send(mail);
        }
    }
}

solution is taken from here

hope this helps, regards

Boehm answered 12/11, 2010 at 4:22 Comment(2)
The code is actually ignoring certificate errors, not good for security.Homophony
-1: This code is wrong, because it doesn't solve the problem of CAs not being recognized. They are still not being recognized and now you have opened up your application to massive MITM problems.Nineteen
A
14

The correct solution is not to remove SSL Certificate Validation. GMail has a valid certificate. The problem is that Mono can't seem to find the certificate.

This is completely wrong for so many reasons, but mainly because it removes a very important certificate validation:

ServicePointManager.ServerCertificateValidationCallback = 
            delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) 
                { return true; };

The correct solution is to install the certificate in your machine:

mozroots --import --ask-remove --machine
certmgr -ssl smtps://smtp.gmail.com:465

This will effectively download the certificate for gmail and it will make it available for mono to use.

Aspect answered 17/8, 2013 at 16:16 Comment(3)
Is there any way to import the certificates as we go ? I am writing a crawler, and I need to import the certificates to the mono store as I reach them.Cahoot
Will certmgr -ssl smtps://smtp.gmail.com:465 blindly allow whatever certificate it receives - and expose it to a MITM problem?Gas
@TonoNam I know it's late, but now it isRuching
A
6

You do not have the appropriate certificate authorities installed somewhere where Mono can see them. Please have a look at the Mono project security FAQ for the steps to remedy this error.

Ania answered 10/11, 2010 at 19:4 Comment(0)
P
1

If you're using SSL rather than TLS, you need port 465 rather than 587.

See http://mail.google.com/support/bin/answer.py?hl=en&answer=13287.

Pylon answered 10/11, 2010 at 19:5 Comment(0)
Y
1

Have you tried changing the port, I know the default SMTP port for SSL is 465

Yore answered 10/11, 2010 at 19:7 Comment(1)
Yes, but it changes from "crashes" to "freezes"Ruching
H
0

Found another solution from SmtpClient with Gmail

certmgr -ssl smtps://smtp.gmail.com:465

If you are running mono web server, run command with same username as mono process.

Homophony answered 30/3, 2013 at 13:16 Comment(0)
D
-1

Do you need to send securely with SSL? You could remove this statement SmtpServer.EnableSsl = true; which would not require the SSL cert.

Dioptric answered 10/11, 2010 at 19:6 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.