Re: Secure POP3 session using Schannel.



"Piotr Trojanowski" <PiotrTrojanowski@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:DC50D916-5B7F-4AE3-B8C9-A9517468308F@xxxxxxxxxxxxxxxx

However this call returns an error: SEC_E_UNTRUSTED_ROOT (0x80090325L).
...
"The server you are connected to is using a security certificate that could
not be verified. A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider. Do you want to
continue using this server?". If I select Yes, then the connection is
established and e-mail received.

Yes, those are the same thing. A way round it which works for me is:

(1) Give ISC_REQ_MANUAL_CRED_VALIDATION to the first
InitializeSecurityContext.

(2) Do my own validation of the server certificate, following the
WebClient.c example.

(3) Whilst doing so specify SECURITY_FLAG_IGNORE_CERT_CN_INVALID
in the call to CertVerifyCertificateChainPolicy.

(4) Do my own check that the root certificate sent by the server matches the
copy of the private root certificate that I have embedded in my application
(of course if you don't care you don't need to do this).

Er, all of which is hundreds of lines of code, and I still haven't got my
head round the error checking or exactly which resources to free how and
when. Fun, this stuff, isn't it.

--
Tim Ward
Brett Ward Limited - www.brettward.co.uk
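
A sketch of step (4) only, added here as an example; it is not Tim Ward's code and is not taken from WebClient.c. The function names `root_matches_pin` and `server_root_is_pinned` are hypothetical, and the check is meant to run in addition to the chain policy verification of steps (2) and (3), not instead of it.

```c
#include <stddef.h>
#include <string.h>

/* Step (4): accept only if the chain's root is byte-for-byte the embedded
   DER copy. Certificates are public data, so plain memcmp is adequate. */
int root_matches_pin(const unsigned char *root, size_t root_len,
                     const unsigned char *pin, size_t pin_len)
{
    if (root == NULL || pin == NULL || root_len == 0 || pin_len == 0)
        return 0;                              /* fail closed on missing input */
    return root_len == pin_len && memcmp(root, pin, pin_len) == 0;
}

#ifdef _WIN32   /* Windows-only glue; link with crypt32.lib */
#include <windows.h>
#include <wincrypt.h>

/* Builds the chain for the server's leaf certificate and compares its last
   element with the embedded root. Returns 1 on match, 0 otherwise. */
int server_root_is_pinned(PCCERT_CONTEXT leaf,
                          const unsigned char *pin, size_t pin_len)
{
    CERT_CHAIN_PARA para;
    PCCERT_CHAIN_CONTEXT chain = NULL;
    int ok = 0;

    memset(&para, 0, sizeof para);
    para.cbSize = sizeof para;
    /* leaf->hCertStore holds the other certificates the server sent. */
    if (!CertGetCertificateChain(NULL, leaf, NULL, leaf->hCertStore,
                                 &para, 0, NULL, &chain))
        return 0;
    /* A chain with a broken signature must not pass on a matching root. */
    if (!(chain->TrustStatus.dwErrorStatus & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
        && chain->cChain > 0 && chain->rgpChain[0]->cElement > 0) {
        PCERT_SIMPLE_CHAIN sc = chain->rgpChain[0];
        PCCERT_CONTEXT root = sc->rgpElement[sc->cElement - 1]->pCertContext;
        ok = root_matches_pin(root->pbCertEncoded, root->cbCertEncoded,
                              pin, pin_len);
    }
    CertFreeCertificateChain(chain);
    return ok;
}
#endif
```

With the CN check switched off in step (3), this comparison is what ties the connection to the private root: any certificate issued under that root will be accepted for any host name.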

