Hi Nir, Agree with item #1. However, regarding item #2 especially this part: "there is no way to add personal root CA", iirc, I have done it before. Please check http://www.jacco2.dds.nl/networking/symbian_cert_import.html. BR, nanang On Thu, Jan 14, 2010 at 3:09 AM, nir elkayam <nir.elkayam at gmail.com> wrote: > hi all, > > when using TLS over symbian has few drawbacks as oppose to openssl in 2 > features: > 1. client certificate does not supported in symbian. > 2. server certificate validate with public root CA preinstalled on the phone > and there is no way to add personal root CA. > the later may be problematic because it make me go throw the validation > process of verisign for example where as i might want to generate my own > root certificate and sign the certificate with my own root CA, > this will make it more accesible and easy to handle. > > the quastion/suggestion is, from the CSecureSocket we can retrive the server > certificate with CX509Certificate *ServerCert(); API in CSecureSocket. > benny, maybe we can add a callback to give this certificate back, > and this is for someone how familier with X509, > can we use this certificate and give our own root certificate and use these > to validate the server certificate with our own root certificate? > > with this there will still be displayed the anoying dialog about the > untrusted certificate but the security will get higher on the intresting > cases. > > nir > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > >
