[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] SSL/TLS certificate verification callback patc

From: jehan monnier
Subject: Re: [Linphone-developers] SSL/TLS certificate verification callback patch
Date: Thu, 15 Jan 2015 14:37:53 +0100

Hi Eli,

Thanks for your patch. I agree this is an interesting add-on.
On the implementation part, I'm mainly reviewed  belle-sip part.

Bellow my comments:
-Better to put verify_cb_error_cb_t pointer into structure belle_tls_verify_policy_t
-verify_cb_error_cb_t shall be part of the public API.
-verify_cb_error_cb_t  don't you need to add parameter of type belle_sip_certificate_raw_format_t ?
-verify_cb_error_cb_t, what is the purpose of flag ?might be enough to just have return value like BELLE_SIP_VERIFY_OK | BELLE_SIP_VERIFY_ERROR

Best regards

Le 8 janv. 2015 à 21:24, Eli Burke <address@hidden> a écrit :

Here’s a patch to belle-sip and liblinphone that adds a callback mechanism to intercept SSL certificate validation errors. It allows an application to side-load certificates, verify against system-trusted certificates, or display self-signed certificates to users for white-listing. Comments in the belle-sip patch explain appropriate usage: make sure you turn off linphone_core_iterate and respect the certificate depth and flags parameters.

Linphone-developers mailing list

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

reply via email to

[Prev in Thread] Current Thread [Next in Thread]