linphone-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] SSL/TLS certificate verification callback patc


From: Eli Burke
Subject: Re: [Linphone-developers] SSL/TLS certificate verification callback patch
Date: Thu, 15 Jan 2015 11:15:44 -0500

Jehan,

I could move the verify_cb_error_cb_t pointer into the belle_tls_verify_policy_t structure. I think that will mean adding a variable to store it in the Sal structure and a new function like sal_set_tls_verify_callback(). This new function would call set_tls_properties() where the callback pointer would be set in the listening point’s verify policy. 

I can add also add a belle_sip_certificate_raw_format_t parameter to the callback pointer, however it will always be set to DER, never a PEM cert chain. The way the PolarSSL works, the callback is invoked for every certificate in the chain. The only way to modify that behavior would be to store the certificates inside belle-sip until reaching depth=0, and then calling a callback. That is a more complicated design. A third design would be to report the entire certificate chain after the connection fails; less flexible but the the application could use it to update the root ca PEM file. 

The purpose of the flag variable is to communicate the individual certificate status to the callback. It can be used to short-circuit verification (for example, if PolarSSL trusts the certificate, the verify callback can return immediately) or to perform specific processing, like if there is a hostname mismatch, beyond just allowing or denying the connection, or simply to communicate the certificate status to the user. 

If these changes sound good to you, I will try and modify the patch to suit your preferences. However, I do have a question. I mentioned in the patch code that linphone_core_iterate should be turned off while the verify callback is active. I originally wrote that for eXoSIP, and I’m not so sure that is true anymore with belle-sip. With some limited testing, it seems to work fine iterate active, but once I got an infinite loop of "belle_sip_main_loop_iterate([%p]): reentrancy detected, doing nothing.” errors.  Is there a safe way to block in a belle-sip thread, or a way to pause main_loop_iterate? 

Thanks,
Eli


Date: Thu, 15 Jan 2015 14:37:53 +0100
From: jehan monnier <address@hidden>
To: address@hidden
Subject: Re: [Linphone-developers] SSL/TLS certificate verification
callback patch
Message-ID: <address@hidden>
Content-Type: text/plain; charset="windows-1252"

Hi Eli,

Thanks for your patch. I agree this is an interesting add-on.
On the implementation part, I'm mainly reviewed  belle-sip part.

Bellow my comments:
-Better to put verify_cb_error_cb_t pointer into structure belle_tls_verify_policy_t
-verify_cb_error_cb_t shall be part of the public API.
-verify_cb_error_cb_t  don't you need to add parameter of type belle_sip_certificate_raw_format_t ?
-verify_cb_error_cb_t, what is the purpose of flag ?might be enough to just have return value like BELLE_SIP_VERIFY_OK | BELLE_SIP_VERIFY_ERROR

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


reply via email to

[Prev in Thread] Current Thread [Next in Thread]