Archived Forum Post

Index of archived forum posts


StartTLS error on Win8 succeeds under Win7

May 13 '14 at 13:14

I have a very odd issue associated with TLS and CkMailman. Following the ancient maxim of "if it ain't broke, don't fix it", we have been using Chilkat VC++ libs v8.4 since 2008 without incident. Recently it's been brought to my attention that a piece of our logic is failing -- in this case, apparently only on Win 8 systems.

During the course of our user workflow, we will transmit an SMTP stream using TLS on port 2525 thusly:

CKMailMan mailman;

CkEmail email;

bool bSendResult = mailman.SendEmail(email);
if (!bSendResult){
} else {

The nominal response to this (using pre-Win8) is:

<info>Connecting to SMTP server</info>
<InitialResponse><![CDATA[220 ESMTP
<info>Sending STARTTLS...</info>
<info>Hostname is empty in VerifyServerCertificate</info>
<info>SSL Server Certificate not verified.</info>
<info>Secure Channel Established.</info>
<info>TLS connection established.</info>
250-SIZE 30720000
<login_method>NONE or already authenticated</login_method>
<info>CONNECTED to ESMTP server</info>

However, the exact same code executed under Win 8 produces:

 <info>Connecting to SMTP server</info>
 <InitialResponse><![CDATA[220 ESMTP
 <info>Sending STARTTLS...</info>
 <error>Invalid token.</error>
 <error>Aborting because of fatal error</error>
 <error>Error performing handshake.</error>
 <error>Failed to establish TLS connection.</error>
 <error>Failed to connect to SMTP server.</error>

Any ideas as to why using the same binary the request succeeds when issued from Win7 and fails from Win8? I have verified that "Prebuilt on Win7/executed on Win8" vs "Compiled and built on Win8" behave the same (fail). I've also confirmed that the problem goes away if the code is rebuilt against the 9.5 version of C++ libs -- I'm just puzzled as to why there is a Win7/Win8 difference.


The "Invalid token." error message is an indicator that your older version of Chilkat was still using Microsoft's SChannel Platform SDK functions for the SSL/TLS implementation. When Chilkat expanded to non-Windows platforms, it switched to its own proprietary SSL/TLS implementation (which by the way is not based on OpenSSL).