symbian TLS server certificate ?

I think that should do it. In fact, setting the servername is
mandatory for Symbian (here's how to do it: [1]), otherwise you'll get
KErrAbort/Interrupted on most devices. If the servername you set
doesn't match the name in the certificate, a confirmation dialog will
pop up.

[1] http://trac.pjsip.org/repos/wiki/TLS_on_Symbian#EnableSIPtransportSSLTLSonsymbian_uasampleapplication

On Mon, Nov 9, 2009 at 10:12 PM, nir elkayam <nir.elkayam at gmail.com> wrote:
> hi,
>
> that's interesting.
> actually, I never used CSecureSocket but it seems that this would do the
> trick.
> I'll try to test this..
>
> thanks,
> nir
>
> On Mon, Nov 9, 2009 at 5:06 PM, Nanang Izzuddin <nanang at pjsip.org> wrote:
>>
>> Hi Nir,
>>
>> Seems that I guessed wrong :)
>>
>> So, now I guess you need to verify the server hostname :) If this [1]
>> works that way, then it is already supported, just specify the server
>> name parameter in SSL socket creation.
>>
>> BR,
>> nanang
>>
>> ---
>> [1]
>> http://wiki.forum.nokia.com/index.php/KIS000322_-_Secure_sockets_need_additional_configuration_on_S60_3rd_Edition
>>
>>
>>
>> On Mon, Nov 9, 2009 at 9:39 PM, nir elkayam <nir.elkayam at gmail.com> wrote:
>> > hi nanang,
>> >
>> > I am not sure how the Symbian CSecureSocket validates the certificate.
>> > Let me explain:
>> > when you connect to some secure site on the internet, the explorer checks
>> > that the certificate is valid (i.e. signed by VeriSign) and also validates
>> > that the site address is identical to the one inside the certificate.
>> > This way, when you make a connection to the Gmail site, you won't accept
>> > the Hotmail certificate even though they are both signed by VeriSign.
>> >
>> > I think that the Symbian verification validates that the certificate is
>> > signed by VeriSign (or something trusted like that), but it's the app's
>> > responsibility to take the certificate and validate its use and that the
>> > address inside matches the request "address".
>> >
>> > the CSecureSocket has a method:
>> >
>> > (http://library.forum.nokia.com/index.jsp?topic=/S60_3rd_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/html/SDL_93/doc_source/reference/reference-cpp/TLS/CSecureSocketClass.html)
>> >
>> > ServerCert()
>> >
>> > IMPORT_C const CX509Certificate *ServerCert();
>> >
>> > that returns the server certificate and allows the app to validate it.
>> >
>> > nir
>> >
>> >
>> >
>> > On Mon, Nov 9, 2009 at 3:56 PM, Nanang Izzuddin
>> > <nanang.izzuddin at gmail.com>
>> > wrote:
>> >>
>> >> Hi Nir,
>> >>
>> >> Verification mechanism by application has not been supported yet. It'd
>> >> be great if you would like to share some feedback/suggestion on how
>> >> this verification should work or at least how you need it.
>> >>
>> >> Currently, CMIIW, it will just automatically check the server
>> >> certificate based on trusted CA list in OS certificate store, whenever
>> >> the certificate is considered to be untrusted, confirmation dialog
>> >> will be shown.
>> >>
>> >> Btw, so far couldn't find how CSecureSocket let the application do
>> >> 'manual' verification before the SSL handshake completed.
>> >>
>> >> BR,
>> >> nanang
>> >>
>> >>
>> >> On Sun, Nov 8, 2009 at 11:16 PM, nir elkayam <nir.elkayam at gmail.com>
>> >> wrote:
>> >> > hi all,
>> >> >
>> >> > when I use the TLS in symbian OS, can I get the server certificate to
>> >> > validate it in my code?
>> >> > in general, how do I handle the certificate using the new TLS
>> >> > transport?
>> >> >
>> >> > thanks,
>> >> > nir
>> >> >
>> >> > _______________________________________________
>> >> > Visit our blog: http://blog.pjsip.org
>> >> >
>> >> > pjsip mailing list
>> >> > pjsip at lists.pjsip.org
>> >> > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >> >
>> >> >
>> >>
>> >
>> >
>> >
>> > --
>> > nir.elkayam at gmail.com
>> >
>> >
>> >
>> >
>>
>
>
>
> --
> nir.elkayam at gmail.com
>
>
>
>
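
The check discussed in this thread (a trusted CA signature is not enough, the name in the certificate must also match the server the application asked for), as an added example that is not part of the original messages and is not pjsip or Symbian code. It assumes the DNS names have already been extracted from the certificate returned by ServerCert() (extraction not shown); the function names and sample names are hypothetical, and the wildcard rules are the conservative ones in the style of RFC 6125.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Constructed sample: names as they might appear in a server certificate. */
static const char *const sample_names[] = { "sip.example.org", "*.voip.example.org" };

/* Case-insensitive comparison of two DNS names (ASCII only). */
static int dns_eq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Match one certificate name against the host the application asked for.
 * A wildcard is honoured only as the complete leftmost label ("*.example.org"),
 * covers exactly one label, and must leave at least two labels after it. */
int name_matches_host(const char *cert_name, const char *host)
{
    const char *rest, *dot;

    if (!cert_name || !host || !*cert_name || !*host)
        return 0;
    if (strchr(cert_name, '*') == NULL)
        return dns_eq(cert_name, host);   /* plain name: exact match only */
    if (cert_name[0] != '*' || cert_name[1] != '.')
        return 0;                         /* "f*o.example.org", "a.*.org" */
    rest = cert_name + 2;
    if (strchr(rest, '*') || strchr(rest, '.') == NULL)
        return 0;                         /* "*.*.org", "*.org" */
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;                         /* host needs a non-empty first label */
    return dns_eq(rest, dot + 1);
}

/* Return 1 if any name taken from the server certificate covers `host`. */
int cert_covers_host(const char *const *names, size_t count, const char *host)
{
    size_t i;
    for (i = 0; i < count; i++)
        if (name_matches_host(names[i], host))
            return 1;
    return 0;
}
```
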


