I am trying to implement XMPP, in chrome-JS.

XMPP resolves the server hostname using DNS SRV lookups, so if I want to get the server for "foo.com", I may end up with e.g. "abcdxmpp.foo.com" as hostname. The user opened the connection to "foo.com", though, and the SSL certificate is for "foo.com", not "abcdxmpp.foo.com" (that's how all the clients apparently work).

I open a socket (nsISocketTransport) with SSL/STARTTLS, i.e.
Ci.nsISocketTransportService.createTransport("starttls", 1, "abcdxmpp.foo.com", 5222, proxyInfo);

Now, how do I set the hostname to check the cert against?

By default, it uses the hostname that I open the socket to, but in my case of course that gives a "bad_cert_domain" error.

Of course I took socket.securityInfo.QueryInterface(Ci.nsISSLSocketControl), I need that to start STARTTLS anyway, but I don't see any way there to set the hostname to check against.

From what I understand, the app should be able to tell the security lib which hostname to check against, because we're supposed to check against what the user entered originally, not necessarily what we end up with. Most libs, e.g. Java and Python, even require the app author to explicitly set this. So, I assume that possibility is somewhere, I just didn't find the API.

Can somebody help?

Ben
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto