I'm going to commit a patch that adds certificate verification
to the Kannel SSL client code. Previously all SSL client connections
were doen with verification disabled. This way an encrypted connection
was established but the identity of the server was not proven.
Please review this code
Sorry if I stepped on some toes. I did not consider the
changes to be THAT intrusive. They do not change the structure
of the code, they just add a new feature. I took care
not to change the behaviour of the system when the new
configuration option is not set.
I'm willing to back the changes out
Sorry if I stepped on some toes. I did not consider the
changes to be THAT intrusive. They do not change the structure
of the code, they just add a new feature. I took care
not to change the behaviour of the system when the new
configuration option is not set.
I'm willing to back the
Sorry if I stepped on some toes. I did not consider the
changes to be THAT intrusive. They do not change the structure
of the code, they just add a new feature. I took care
not to change the behaviour of the system when the new
configuration option is not set.
I'm willing to back the
BTW, the patch looks good!
Stipe
[EMAIL PROTECTED]
---
Wapme Systems AG
Münsterstr. 248
40470 Düsseldorf
Tel: +49-211-74845-0
Fax: +49-211-74845-299
E-Mail: [EMAIL PROTECTED]
Internet: http://www.wapme-systems.de
Pommnitz
To: 'Stipe Tolj '
Cc: ''[EMAIL PROTECTED]' '
Sent: 12/7/01 12:07 PM
Subject: RE: Heads up: SSL client code to verify SSL server certificates
Thanks, however I just discovered some misbehaviour that I'm unsure
whom to blame for:
If a certificate gets rejected than this currently not detected