hi nanang, thanks for the link. however, now i get the -7547, but can't seems to solve that. i use opensips and generated the root certificate and user certificate. when generating the user certificate, i set the commonName to my server name as i set in the the server_name property inside tls_setting. any hint? has anyone been able to active the server validation? thanks, nir On Thu, Jan 14, 2010 at 4:12 PM, Nanang Izzuddin <nanang at pjsip.org> wrote: > Hi Nir, > > Agree with item #1. However, regarding item #2 especially this part: > "there is no way to add personal root CA", iirc, I have done it > before. Please check > http://www.jacco2.dds.nl/networking/symbian_cert_import.html. > > BR, > nanang > > > On Thu, Jan 14, 2010 at 3:09 AM, nir elkayam <nir.elkayam at gmail.com> > wrote: > > hi all, > > > > when using TLS over symbian has few drawbacks as oppose to openssl in 2 > > features: > > 1. client certificate does not supported in symbian. > > 2. server certificate validate with public root CA preinstalled on the > phone > > and there is no way to add personal root CA. > > the later may be problematic because it make me go throw the validation > > process of verisign for example where as i might want to generate my own > > root certificate and sign the certificate with my own root CA, > > this will make it more accesible and easy to handle. > > > > the quastion/suggestion is, from the CSecureSocket we can retrive the > server > > certificate with CX509Certificate *ServerCert(); API in CSecureSocket. > > benny, maybe we can add a callback to give this certificate back, > > and this is for someone how familier with X509, > > can we use this certificate and give our own root certificate and use > these > > to validate the server certificate with our own root certificate? > > > > with this there will still be displayed the anoying dialog about the > > untrusted certificate but the security will get higher on the intresting > > cases. > > > > nir > > > > > > _______________________________________________ > > Visit our blog: http://blog.pjsip.org > > > > pjsip mailing list > > pjsip at lists.pjsip.org > > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > > > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org > -- ??? ?????? ??: 050-3930056 nir.elkayam at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20100114/83feb665/attachment.html>
