symbian TLS server certificate ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi nanang,

I am not sure how the symbian CSecureSocket validate the certificate.
let me explain,
when u connect some secure site on the internet, the explorer check that the
certificate is valid (i.e. sign by verisign) and also validate that the
address site is identical to the one inside the certificate.
this way, when u make a connection to gmail site, u won't accept the hotmail
certificate even that the both sign by verisign.

I think that the symbian verification, validate that the certificate is sign
by verisign (or something trusted like that) but its the app responsibility
to take the certificate and validate its use and the the address inside
match the request "address".

the CSecureSocket has a method:
(
http://library.forum.nokia.com/index.jsp?topic=/S60_3rd_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/html/SDL_93/doc_source/reference/reference-cpp/TLS/CSecureSocketClass.html
)
ServerCert()

IMPORT_C const CX509Certificate *ServerCert();

that return the server certificate and allow the app to validate it.


nir




On Mon, Nov 9, 2009 at 3:56 PM, Nanang Izzuddin
<nanang.izzuddin at gmail.com>wrote:

> Hi Nir,
>
> Verification mechanism by application has not been supported yet. It'd
> be great if you would like to share some feedback/suggestion on how
> this verification should work or at least how you need it.
>
> Currently, CMIIW, it will just automatically check the server
> certificate based on trusted CA list in OS certificate store, whenever
> the certificate is considered to be untrusted, confirmation dialog
> will be shown.
>
> Btw, so far couldn't find how CSecureSocket let the application do
> 'manual' verification before the SSL handshake completed.
>
> BR,
> nanang
>
>
> On Sun, Nov 8, 2009 at 11:16 PM, nir elkayam <nir.elkayam at gmail.com>
> wrote:
> > hi all,
> >
> > when I use the TLS in symbian OS, can I get the server certificate to
> > validate it in my code?
> > in general, how do I handle the certificate using the new TLS transport?
> >
> > thanks,
> > nir
> >
> > _______________________________________________
> > Visit our blog: http://blog.pjsip.org
> >
> > pjsip mailing list
> > pjsip at lists.pjsip.org
> > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
> >
> >
>
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
>
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>



-- 
??? ??????
??: 050-3930056
nir.elkayam at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20091109/875092d0/attachment.html>


[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux