|
From: | jehan monnier |
Subject: | Re: [Linphone-developers] SSL/TLS certificate verification callback patch |
Date: | Thu, 15 Jan 2015 14:37:53 +0100 |
Hi Eli, Thanks for your patch. I agree this is an interesting add-on. On the implementation part, I'm mainly reviewed belle-sip part. Bellow my comments: -Better to put verify_cb_error_cb_t pointer into structure belle_tls_verify_policy_t -verify_cb_error_cb_t shall be part of the public API. -verify_cb_error_cb_t don't you need to add parameter of type belle_sip_certificate_raw_format_t ? -verify_cb_error_cb_t, what is the purpose of flag ?might be enough to just have return value like BELLE_SIP_VERIFY_OK | BELLE_SIP_VERIFY_ERROR Best regards Le 8 janv. 2015 à 21:24, Eli Burke <address@hidden> a écrit : Here’s a patch to belle-sip and liblinphone that adds a callback mechanism to intercept SSL certificate validation errors. It allows an application to side-load certificates, verify against system-trusted certificates, or display self-signed certificates to users for white-listing. Comments in the belle-sip patch explain appropriate usage: make sure you turn off linphone_core_iterate and respect the certificate depth and flags parameters. |
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Prev in Thread] | Current Thread | [Next in Thread] |