hi nanang, I am not sure how the symbian CSecureSocket validate the certificate. let me explain, when u connect some secure site on the internet, the explorer check that the certificate is valid (i.e. sign by verisign) and also validate that the address site is identical to the one inside the certificate. this way, when u make a connection to gmail site, u won't accept the hotmail certificate even that the both sign by verisign. I think that the symbian verification, validate that the certificate is sign by verisign (or something trusted like that) but its the app responsibility to take the certificate and validate its use and the the address inside match the request "address". the CSecureSocket has a method: ( http://library.forum.nokia.com/index.jsp?topic=/S60_3rd_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/html/SDL_93/doc_source/reference/reference-cpp/TLS/CSecureSocketClass.html ) ServerCert() IMPORT_C const CX509Certificate *ServerCert(); that return the server certificate and allow the app to validate it. nir On Mon, Nov 9, 2009 at 3:56 PM, Nanang Izzuddin <nanang.izzuddin at gmail.com>wrote: > Hi Nir, > > Verification mechanism by application has not been supported yet. It'd > be great if you would like to share some feedback/suggestion on how > this verification should work or at least how you need it. > > Currently, CMIIW, it will just automatically check the server > certificate based on trusted CA list in OS certificate store, whenever > the certificate is considered to be untrusted, confirmation dialog > will be shown. > > Btw, so far couldn't find how CSecureSocket let the application do > 'manual' verification before the SSL handshake completed. > > BR, > nanang > > > On Sun, Nov 8, 2009 at 11:16 PM, nir elkayam <nir.elkayam at gmail.com> > wrote: > > hi all, > > > > when I use the TLS in symbian OS, can I get the server certificate to > > validate it in my code? > > in general, how do I handle the certificate using the new TLS transport? > > > > thanks, > > nir > > > > _______________________________________________ > > Visit our blog: http://blog.pjsip.org > > > > pjsip mailing list > > pjsip at lists.pjsip.org > > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > -- ??? ?????? ??: 050-3930056 nir.elkayam at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20091109/875092d0/attachment.html>
