I'm also not familiar with this process.

I'm working on an IP telephone project.
We are using SIP with TLS and, as it's behind a NAT, the first thing to do
is to register the telephone to create a TLS connection.
After that, all the other SIP methods (incoming and outgoing calls) will
flow through this connection.

But, to create a trusted connection, it's important to validate the
certificate received during the establishment of the TLS connection. If this
certificate is not valid, the connection won't be established. To validate
this certificate we need another certificate, from the certifying entity
(CA), which verifies this received certificate.

On the first test, I tried to register without the CA certificate, and it
didn't work.
On the second test, I uploaded the CA certificate to the telephone, and then
the connection worked. Without this patch, the connection is always
established, even if the certificate isn't valid. With the patch you need
the CA certification.

Regards,
Paulo Pizarro

2008/11/20 Jerry Richards <[EMAIL PROTECTED]>

> Paulo,
>
> We also discovered sofia-sip is not verifying TLS/SSL certificates.  Could
> you send me this patch?  I don't see it up in darcs yet.
>
> Best Regards,
> Jerry
>
>
>
>
> Message: 2
> Date: Wed, 19 Nov 2008 18:46:37 -0200
> From: "Paulo Pizarro" <[EMAIL PROTECTED]>
> Subject: [Sofia-sip-devel] patch: TPTAG_TLS_VERIFY_PEER
> To: sofia-sip-devel@lists.sourceforge.net
> Message-ID:
>        <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> This patch adds support for a new tag called TPTAG_TLS_VERIFY_PEER.
>
> With this tag, the verification of certificates can be controlled:
> 0: do not verify certificates.
> 1: in server mode, the certificate returned by the client is checked and, if it
> fails, the TLS/SSL handshake is immediately terminated.
> 1: in client mode, the server certificate is verified and, if it fails, the
> TLS/SSL handshake is immediately terminated.
>
> I added this tag because I'd like my application not to connect to a
> server with an untrusted certificate.
>
> Thanks,
>
> Paulo Pizarro
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: tls_verify.patch
> Type: text/x-patch
> Size: 5674 bytes
> Desc: not available
>
>