Feature request : SSL_CTX_set_verify

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Just updated ticket #1032.

Thanks for the suggestion.

BR,
nanang


On Fri, Jan 29, 2010 at 10:52 PM, Pierre-Luc Bacon
<pierre-luc.bacon at savoirfairelinux.com> wrote:
> At the moment it seems that the callback on SSL_CTX_set_verify is being set to NULL :
>
> pjproject/pjlib/src/pj/ssl_sock_ossl.c
> 469: ? ?SSL_CTX_set_verify(ctx, mode, NULL);
>
> pjproject/pjsip/src/pjsip/sip_transport_tls_ossl.c
> 460: ? ?SSL_CTX_set_verify(ctx, mode, NULL);
>
> However, I think one could make a great use of it if it were available from the client (ie. the "implementer"). The use case of particular interest for me is to give the user the ability to see information and to get notified when a server certificate is received (just as Firefox or any browser does). Also, if the client does not already have the required CA files installed locally on her computer, that might be just enough to "confirm" the process.
>
> I don't how you (Benny) feel about "leaking" some of OpenSSL in the library, but considering its widespread use, I don't see much of a problem with this.
>
> Thank you,
> Pierre-Luc Bacon
>
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
>
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>



[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux