Archived Forum Post

Question:

StartTLS error on Win8 succeeds under Win7

May 13 '14 at 13:14

I have a very odd issue associated with TLS and CkMailMan. Following the ancient maxim of "if it ain't broke, don't fix it", we have been using Chilkat VC++ libs v8.4 since 2008 without incident. Recently it's been brought to my attention that a piece of our logic is failing -- in this case, apparently only on Win 8 systems.

During the course of our user workflow, we will transmit an SMTP stream using TLS on port 2525 thusly:

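// Connect on port 2525 and upgrade the session with STARTTLS
CkMailMan mailman;
mailman.put_SmtpHost(host->h_name);
mailman.put_SmtpPort(2525);
mailman.put_StartTLS(true);

// Build the message from the raw MIME text in smtpbuffer
CkEmail email;
email.SetFromMimeText(smtpbuffer);

// Save the session log either way: errors.xml on failure, xmitlog.xml on success
bool bSendResult = mailman.SendEmail(email);
if (!bSendResult) {
    mailman.SaveLastError("errors.xml");
} else {
    mailman.SaveLastError("xmitlog.xml");
}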

The nominal response to this (using pre-Win8) is:

<SMTP_Connect>
<info>Connecting to SMTP server xxxxxxxxxxx.xx.com:2525</info>
<smtp_host>xxxxxxxxxxx.xx.com</smtp_host>
<smtp_port>2525</smtp_port>
<smtp_user>NULL</smtp_user>
<trying-auth-method>NONE</trying-auth-method>
<InitialResponse><![CDATA[220 xxxxxxx.xxx.xxxxxxxx.com ESMTP
]]></InitialResponse>
<info>Sending STARTTLS...</info>
<info>Hostname is empty in VerifyServerCertificate</info>
<info>SSL Server Certificate not verified.</info>
<ConnectionInfo>
<protocol>TLS1</protocol>
<cipher>26126</cipher>
<cipherStrength>128</cipherStrength>
<hash>SHA</hash>
<hashStrength>160</hashStrength>
<keyExchange>RSA</keyExchange>
<keyExchangeStrength>1024</keyExchangeStrength>
</ConnectionInfo>
<info>Secure Channel Established.</info>
<info>TLS connection established.</info>
<sendingHello><![CDATA[EHLO xxxxxxxxxx.xxxxxxxx.com
]]></sendingHello>
<helloResponse><![CDATA[250-xxxxxxx.xxx.xxxxxxxx.com
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250 8BITMIME
]]></helloResponse>
<smtpAuthMethod>NONE</smtpAuthMethod>
<login_method>NONE or already authenticated</login_method>
<info>CONNECTED to ESMTP server xxxxxxxxxxx.xx.com:2525</info>
</SMTP_Connect>

However, the exact same code executed under Win 8 produces:

<SMTP_Connect>
<info>Connecting to SMTP server xxxxxxxxxxx.xx.com:2525</info>
<smtp_host>xxxxxxxxxxx.xx.com</smtp_host>
<smtp_port>2525</smtp_port>
<smtp_user>NULL</smtp_user>
<trying-auth-method>NONE</trying-auth-method>
<InitialResponse><![CDATA[220 mxxxxxx.xxx.xxxxxxxx.com ESMTP
]]></InitialResponse>
<info>Sending STARTTLS...</info>
<error>Invalid token.</error>
<scRet>80090308</scRet>
<error>Aborting because of fatal error</error>
<error>Error performing handshake.</error>
<error>Failed to establish TLS connection.</error>
</SMTP_Connect>
<error>Failed to connect to SMTP server.</error>

Any ideas as to why using the same binary the request succeeds when issued from Win7 and fails from Win8? I have verified that "Prebuilt on Win7/executed on Win8" vs "Compiled and built on Win8" behave the same (fail). I've also confirmed that the problem goes away if the code is rebuilt against the 9.5 version of C++ libs -- I'm just puzzled as to why there is a Win7/Win8 difference.


Answer

The "Invalid token." error message is an indicator that your older version of Chilkat was still using Microsoft's SChannel Platform SDK functions for the SSL/TLS implementation. When Chilkat expanded to non-Windows platforms, it switched to its own proprietary SSL/TLS implementation (which by the way is not based on OpenSSL).
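A triage script for the two saved logs above, as an added example that is not part of the original post or of Chilkat: it decodes `scRet` as an SSPI/SChannel `SECURITY_STATUS` (0x80090308 is `SEC_E_INVALID_TOKEN` in winerror.h) and reports what the successful session actually negotiated. The function name `triage`, the trimmed sample logs and the 2048-bit RSA threshold are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# SSPI/SChannel SECURITY_STATUS values from winerror.h; the page's scRet is the first.
SSPI_STATUS = {
    0x80090308: "SEC_E_INVALID_TOKEN",
    0x80090326: "SEC_E_ILLEGAL_MESSAGE",
    0x80090331: "SEC_E_ALGORITHM_MISMATCH",
}

def triage(log_text):
    """Return a list of findings for one saved SMTP_Connect log fragment."""
    # The saved fragment can have sibling top-level elements, so wrap it in a root.
    root = ET.fromstring("<log>" + log_text + "</log>")
    findings = []
    for sc in root.iter("scRet"):
        code = int(sc.text.strip(), 16)
        findings.append(f"SChannel handshake failure 0x{code:08X} {SSPI_STATUS.get(code, 'unknown')}")
    infos = [e.text or "" for e in root.iter("info")]
    if any("not verified" in t for t in infos):
        findings.append("server certificate not verified")
    if any("Hostname is empty" in t for t in infos):
        findings.append("no hostname passed to certificate verification")
    for ci in root.iter("ConnectionInfo"):
        proto = (ci.findtext("protocol") or "").strip()
        if proto == "TLS1":  # TLS 1.0, deprecated by RFC 8996
            findings.append(f"legacy protocol negotiated: {proto}")
        kx = (ci.findtext("keyExchange") or "").strip()
        bits = int(ci.findtext("keyExchangeStrength") or 0)
        if kx == "RSA" and 0 < bits < 2048:  # assumed minimum for this example
            findings.append(f"weak key exchange: {kx} {bits} bits")
    return findings

# Constructed samples, trimmed from the two logs quoted in the question.
WIN7_LOG = """<SMTP_Connect>
<info>Sending STARTTLS...</info>
<info>Hostname is empty in VerifyServerCertificate</info>
<info>SSL Server Certificate not verified.</info>
<ConnectionInfo><protocol>TLS1</protocol><keyExchange>RSA</keyExchange>
<keyExchangeStrength>1024</keyExchangeStrength></ConnectionInfo>
</SMTP_Connect>"""
WIN8_LOG = """<SMTP_Connect>
<info>Sending STARTTLS...</info>
<error>Invalid token.</error>
<scRet>80090308</scRet>
<error>Failed to establish TLS connection.</error>
</SMTP_Connect>
<error>Failed to connect to SMTP server.</error>"""

if __name__ == "__main__":
    print(triage(WIN7_LOG), triage(WIN8_LOG), sep="\n")
```

On the Win7 sample the script reports the unverified certificate, the empty hostname, TLS1 and the 1024-bit RSA key exchange, so the session that "succeeds" is the one with findings worth reviewing after the library upgrade.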