hi, that intresting. actually, I never used CSecureSocket but it seems that this would do the trick. I'll try to test this.. thanks, nir On Mon, Nov 9, 2009 at 5:06 PM, Nanang Izzuddin <nanang at pjsip.org> wrote: > Hi Nir, > > Seems that I guessed wrong :) > > So, now I guess you need to verify the server hostname :) If this [1] > works that way, then it is already supported, just specify the server > name parameter in SSL socket creation. > > BR, > nanang > > --- > [1] > http://wiki.forum.nokia.com/index.php/KIS000322_-_Secure_sockets_need_additional_configuration_on_S60_3rd_Edition > > > > On Mon, Nov 9, 2009 at 9:39 PM, nir elkayam <nir.elkayam at gmail.com> wrote: > > hi nanang, > > > > I am not sure how the symbian CSecureSocket validate the certificate. > > let me explain, > > when u connect some secure site on the internet, the explorer check that > the > > certificate is valid (i.e. sign by verisign) and also validate that the > > address site is identical to the one inside the certificate. > > this way, when u make a connection to gmail site, u won't accept the > hotmail > > certificate even that the both sign by verisign. > > > > I think that the symbian verification, validate that the certificate is > sign > > by verisign (or something trusted like that) but its the app > responsibility > > to take the certificate and validate its use and the the address inside > > match the request "address". > > > > the CSecureSocket has a method: > > ( > http://library.forum.nokia.com/index.jsp?topic=/S60_3rd_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/html/SDL_93/doc_source/reference/reference-cpp/TLS/CSecureSocketClass.html > ) > > > > ServerCert() > > > > IMPORT_C const CX509Certificate *ServerCert(); > > > > that return the server certificate and allow the app to validate it. > > > > nir > > > > > > > > On Mon, Nov 9, 2009 at 3:56 PM, Nanang Izzuddin < > nanang.izzuddin at gmail.com> > > wrote: > >> > >> Hi Nir, > >> > >> Verification mechanism by application has not been supported yet. It'd > >> be great if you would like to share some feedback/suggestion on how > >> this verification should work or at least how you need it. > >> > >> Currently, CMIIW, it will just automatically check the server > >> certificate based on trusted CA list in OS certificate store, whenever > >> the certificate is considered to be untrusted, confirmation dialog > >> will be shown. > >> > >> Btw, so far couldn't find how CSecureSocket let the application do > >> 'manual' verification before the SSL handshake completed. > >> > >> BR, > >> nanang > >> > >> > >> On Sun, Nov 8, 2009 at 11:16 PM, nir elkayam <nir.elkayam at gmail.com> > >> wrote: > >> > hi all, > >> > > >> > when I use the TLS in symbian OS, can I get the server certificate to > >> > validate it in my code? > >> > in general, how do I handle the certificate using the new TLS > transport? > >> > > >> > thanks, > >> > nir > >> > > >> > _______________________________________________ > >> > Visit our blog: http://blog.pjsip.org > >> > > >> > pjsip mailing list > >> > pjsip at lists.pjsip.org > >> > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > >> > > >> > > >> > >> _______________________________________________ > >> Visit our blog: http://blog.pjsip.org > >> > >> pjsip mailing list > >> pjsip at lists.pjsip.org > >> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > > > > > -- > > ??? ?????? > > ??: 050-3930056 > > nir.elkayam at gmail.com > > > > > > _______________________________________________ > > Visit our blog: http://blog.pjsip.org > > > > pjsip mailing list > > pjsip at lists.pjsip.org > > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > -- ??? ?????? ??: 050-3930056 nir.elkayam at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20091109/c86d7bdb/attachment.html>
