Re: [Linphone-developers] SSL/TLS certificate verification callback patch

[jehan monnier]

Hi Eli,

Thanks for your patch. I agree this is an interesting add-on.

On the implementation part, I'm mainly reviewed  belle-sip part.

Bellow my comments:

-Better to put verify_cb_error_cb_t pointer into structure belle_tls_verify_policy_t

-verify_cb_error_cb_t shall be part of the public API.

-verify_cb_error_cb_t  don't you need to add parameter of type belle_sip_certificate_raw_format_t ?

-verify_cb_error_cb_t, what is the purpose of flag ?might be enough to just have return value like BELLE_SIP_VERIFY_OK | BELLE_SIP_VERIFY_ERROR

Best regards

Jehan

www.linphone.org

Le 8 janv. 2015 à 21:24, Eli Burke <address@hidden> a écrit :

Here’s a patch to belle-sip and liblinphone that adds a callback mechanism to intercept SSL certificate validation errors. It allows an application to side-load certificates, verify against system-trusted certificates, or display self-signed certificates to users for white-listing. Comments in the belle-sip patch explain appropriate usage: make sure you turn off linphone_core_iterate and respect the certificate depth and flags parameters.


<belle-sip_ssl_verify_callback.patch><linphone_ssl_verify_callback.patch>_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers

signature.asc
Description: Message signed with OpenPGP using GPGMail