Hi Nir, Seems that I guessed wrong :) So, now I guess you need to verify the server hostname :) If this [1] works that way, then it is already supported, just specify the server name parameter in SSL socket creation. BR, nanang --- [1] http://wiki.forum.nokia.com/index.php/KIS000322_-_Secure_sockets_need_additional_configuration_on_S60_3rd_Edition On Mon, Nov 9, 2009 at 9:39 PM, nir elkayam <nir.elkayam at gmail.com> wrote: > hi nanang, > > I am not sure how the symbian CSecureSocket validate the certificate. > let me explain, > when u connect some secure site on the internet, the explorer check that the > certificate is valid (i.e. sign by verisign) and also validate that the > address site is identical to the one inside the certificate. > this way, when u make a connection to gmail site, u won't accept the hotmail > certificate even that the both sign by verisign. > > I think that the symbian verification, validate that the certificate is sign > by verisign (or something trusted like that) but its the app responsibility > to take the certificate and validate its use and the the address inside > match the request "address". > > the CSecureSocket has a method: > (http://library.forum.nokia.com/index.jsp?topic=/S60_3rd_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/html/SDL_93/doc_source/reference/reference-cpp/TLS/CSecureSocketClass.html) > > ServerCert() > > IMPORT_C const CX509Certificate *ServerCert(); > > that return the server certificate and allow the app to validate it. > > nir > > > > On Mon, Nov 9, 2009 at 3:56 PM, Nanang Izzuddin <nanang.izzuddin at gmail.com> > wrote: >> >> Hi Nir, >> >> Verification mechanism by application has not been supported yet. It'd >> be great if you would like to share some feedback/suggestion on how >> this verification should work or at least how you need it. >> >> Currently, CMIIW, it will just automatically check the server >> certificate based on trusted CA list in OS certificate store, whenever >> the certificate is considered to be untrusted, confirmation dialog >> will be shown. >> >> Btw, so far couldn't find how CSecureSocket let the application do >> 'manual' verification before the SSL handshake completed. >> >> BR, >> nanang >> >> >> On Sun, Nov 8, 2009 at 11:16 PM, nir elkayam <nir.elkayam at gmail.com> >> wrote: >> > hi all, >> > >> > when I use the TLS in symbian OS, can I get the server certificate to >> > validate it in my code? >> > in general, how do I handle the certificate using the new TLS transport? >> > >> > thanks, >> > nir >> > >> > _______________________________________________ >> > Visit our blog: http://blog.pjsip.org >> > >> > pjsip mailing list >> > pjsip at lists.pjsip.org >> > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >> > >> > >> >> _______________________________________________ >> Visit our blog: http://blog.pjsip.org >> >> pjsip mailing list >> pjsip at lists.pjsip.org >> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > -- > ??? ?????? > ??: 050-3930056 > nir.elkayam at gmail.com > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > >
