On Wed, 2008-11-26 at 12:46 -0600, Pekka Pessi wrote:
> 2008/11/19 Paulo Pizarro <[EMAIL PROTECTED]>:
> > This patch adds support to a new tag called TPTAG_TLS_VERIFY_PEER.
>
> I wonder if someone is using the sekret environment variable
> SSL_VERIFY_PEER, it is probably their time to yell...

I was, but it was a sekret. However, I wonder if separate TPTAG_TLS_VERIFY_SERVER and TPTAG_TLS_VERIFY_CLIENT wouldn't make more sense. Judging from how HTTPS is utilized in most cases, one might expect a UA to verify the cert chain from the server it is connecting to, but accept connections from another UA using only a self-signed certificate.

That aside, I'm starting to cook some patches that will allow the application to query detailed certificate information from the stack; specifically, the certificate Subject, but also some other security checks. Until a nua app can verify the subject against the original DNS lookup, the security is still really quite weak.
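The subject check mentioned in the reply above, as an added example that is not part of the original thread or of sofia-sip: once chain verification has passed, the application compares the names in the peer certificate with the host name it originally looked up. It assumes the stack hands those names over as plain strings; `name_matches` and `subject_matches_host` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality for two NUL-terminated host names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Match one certificate name against the host the application looked up.
 * "*" is honoured only as the whole left-most label and covers exactly one
 * label: "*.example.com" matches "sip.example.com", not "a.b.example.com". */
static int name_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return 0;
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');   /* end of first host label */
        if (dot == NULL || dot == host)
            return 0;
        if (strchr(pattern + 2, '.') == NULL)  /* refuse "*.com" */
            return 0;
        return eq_nocase(pattern + 1, dot);
    }
    if (strchr(pattern, '*') != NULL)          /* refuse "s*p.example.com" */
        return 0;
    return eq_nocase(pattern, host);
}

/* Return 1 if any of the n names taken from the peer certificate matches
 * the host originally looked up, 0 otherwise (including n == 0). */
int subject_matches_host(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: names from a hypothetical peer certificate. */
    const char *names[] = { "*.example.com", "proxy.example.net" };
    return subject_matches_host(names, 2, "sip.example.com") ? 0 : 1;
}
```

A certificate with a valid chain but no matching name is rejected here, which is the case chain verification alone does not catch.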