Dear All,
I want to let you know something about Server Certificate Validation when you HTTPS communicate through Tizen Native API In order that Tizen Native Application HTTPS communicates through the Tizen Native HTTP API, you need to implement the following listener interface, as you know. - “public Tizen::Net::Http::IHttpTransactionEventListener” When you implement this listener in your class, you should implement following method also ( If you want to HTTPS communitate ) - virtual void IHttpTransactionEventListener::OnTransactionCertVerificationRequiredN ( HttpSession& httpSession, HttpTransaction& httpTransaction, Tizen::Base::String* pCert ) This method is called to accept input from the user on whether to resume or pause the transaction in case the Server Certificate is not verified. The certificate for the server has been issued by an authority that is not reliable by the Tizen device. This may mean that the server has generated its own security credentials, which Tizen device cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed if this callback method has never been called in this current URI. For unreliable Server Certificate, you should call following method. - HttpTransaction::Pause() Or, you can also proceed through following method anyway. But, you have to have in mind that this way can induce an MIMT attack - HttpTransaction::Resume() Refer Link 1 (Using HTTPS) : https://developer.tizen.org/dev- guide/2.2.1/org.tizen.native.appprogramming/html/tutorials/net_tutorial/usin g_HTTPS.htm Refer Link 2 (OnTransactionCertVerificationRequiredN API Reference) : https://developer.tizen.org/dev- guide/2.2.1/org.tizen.native.apireference/classTizen_1_1Net_1_1Http_1_1IHttp TransactionEventListener.html#ad618bce1d3bd488adddb2133788ef37d Thanks.
_______________________________________________ Application-dev mailing list Application-dev@lists.tizen.org https://lists.tizen.org/listinfo/application-dev
