Hi, I'm cross-posting since I'm not sure if this is primarily a Netlib or a Crypto issue.
We're using Netlib as the transport layer for a P2P implementation, using SSL for authentication and encryption. We use the nsSocketTransportService to get an nsISocketTransport interface for incoming connections. By specifying the correct parameters, we get an SSL socket, which is what we need.

The problem is this: since this is a P2P network, we can't use the domain name of the peer for identification. Instead we have our own identification scheme. But the default implementation of the certification authentication code (SSL_AuthCertification) checks the domain name, apparently to guard against man-in-the-middle attacks. This code can be overridden using SSL_AuthCertificateHook, but to do this we need a pointer to the socket (PRFileDesc). This pointer is contained in the nsSocketTransport implementation, but it isn't accessible via nsISocketTransport.

Is there any way to override the certification authentication code in this case? The only thing that occurs to me would be to derive our own class from nsSocketTransport, but I'm not sure if this is kosher since it's internal to Netlib.

Any help would be greatly appreciated!

Matt