[API Proposal]: SmtpClient.SslOptions

[rzikm]

Background and motivation

SmtpClient can be configured to use TLS via SmtpClient.EnableSsl property, but at this time, there is no way to configure the actual TLS connection parameters (client certs, remote certificate validation, etc). This is one of the last areas that is still affected by ServicePointManager (for SslProtocols and cert validation).

API Proposal

namespace System.Net.Mail;

public partial class SmtpClient
{
    // lazily initialized on get;, has no effect if EnableSsl == false
+   public SslClientAuthenticationOptions SslOptions { get; set; }

    // existing member
+   [Obsolete("Use SslOptions.ClientCertificates instead")]
    public X509CertificatesCollection ClientCertificates { get; } // => SslOptions.ClientCertificates
}

API Usage

SmtpClient client = new(...) {
    SslOptions = {
        ClientCertificates = new () { myClientCertificate },
        RemoteCertificateValidationCallback = delegate { return true; }, // imagine complicated validation logic here,
        
        TargetHost = "smtp.somehost.com" // if not set, defaults to SmtpClient.Host,
        
        // there is no smtp in IANA registry, so ALPN is not used with SMTP, but we would probably respect whatever user
        // decided they want to send
        // ApplicationProtocols = [ new SslApplicationProtocol("whatever-i-want") ]

        // other members omited for brevity
    }
}

Alternative Designs

No response

Risks

No response

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.