|Subject:||Re: [Linphone-developers] SSL/TLS certificate verification callback patch|
|Date:||Thu, 15 Jan 2015 14:37:53 +0100|
Thanks for your patch. I agree this is an interesting add-on.
On the implementation part, I'm mainly reviewed belle-sip part.
Bellow my comments:
-Better to put verify_cb_error_cb_t pointer into structure belle_tls_verify_policy_t
-verify_cb_error_cb_t shall be part of the public API.
-verify_cb_error_cb_t don't you need to add parameter of type belle_sip_certificate_raw_format_t ?
-verify_cb_error_cb_t, what is the purpose of flag ?might be enough to just have return value like BELLE_SIP_VERIFY_OK | BELLE_SIP_VERIFY_ERROR
Le 8 janv. 2015 à 21:24, Eli Burke <address@hidden> a écrit :
Here’s a patch to belle-sip and liblinphone that adds a callback mechanism to intercept SSL certificate validation errors. It allows an application to side-load certificates, verify against system-trusted certificates, or display self-signed certificates to users for white-listing. Comments in the belle-sip patch explain appropriate usage: make sure you turn off linphone_core_iterate and respect the certificate depth and flags parameters.
Description: Message signed with OpenPGP using GPGMail
|[Prev in Thread]||Current Thread||[Next in Thread]|