HP-UX C SIP Stack Programmer's Guide (November 2007)

Working with the Transport Layer 319
SIP Stack and TLS
RvSipTransportConnectionTlsPostConnectionAssertionEv()
As described in the introduction, a TLS attack can be performed in the following
manner: computer mallice.com holds the valid certificate of p.com and presents
it during the handshake. Because the certificate itself is valid, the handshake
completes successfully. If this attack is performed, the user might deliver data to
an unauthenticated party. To prevent this, the SIP Stack compares parameters
from within the certificate to the connection destination (usually the URI or the
Route headers). If this comparison fails, the
RvSipTransportConnectionTlsPostConnectionAssertionEv() event is called,
allowing the application to override the decision of the SIP Stack and complete
the TLS connection establishment.
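The comparison described above, as an added illustration that is not code from the SIP Stack or this guide: a simplified, stand-alone model of matching the DNS name found in a certificate against the host the connection was opened to, with wildcard handling restricted to the left-most label. The function names, the list of certificate names and the host values are assumptions for the example only; the real stack performs its own comparison internally.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n bytes of two DNS names. */
static int name_eq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if cert_name (a CN or SAN dNSName) matches dest_host, else 0.
 * A "*" is honoured only as the entire left-most label and only when at least
 * two labels follow it, so "*.p.com" matches "sip.p.com" but "*.com" matches nothing. */
int cert_name_matches_destination(const char *cert_name, const char *dest_host)
{
    if (!cert_name || !dest_host || !*cert_name || !*dest_host)
        return 0;
    size_t cl = strlen(cert_name), dl = strlen(dest_host);
    if (cert_name[cl - 1] == '.') cl--;          /* tolerate one trailing dot */
    if (dest_host[dl - 1] == '.') dl--;
    if (cl == 0 || dl == 0)
        return 0;
    if (cert_name[0] != '*')                     /* plain name: exact match */
        return cl == dl && name_eq(cert_name, dest_host, cl);
    if (cl < 2 || cert_name[1] != '.')           /* wildcard must be "*." */
        return 0;
    const char *suffix = cert_name + 1;          /* ".p.com" */
    size_t sl = cl - 1;
    if (memchr(suffix + 1, '.', sl - 1) == NULL) /* need 2+ labels after "*" */
        return 0;
    const char *dot = memchr(dest_host, '.', dl);
    if (dot == NULL || dot == dest_host)         /* dest needs a non-empty first label */
        return 0;
    size_t dsl = dl - (size_t)(dot - dest_host); /* dest suffix from its first dot */
    return dsl == sl && name_eq(dot, suffix, sl);
}

/* Models the stack's decision: 0 = a certificate name agrees with the destination,
 * continue; 1 = mismatch, the post-connection assertion event would be raised
 * so the application can decide whether to override. */
int tls_post_connection_check(const char *const *cert_names, size_t n,
                              const char *dest_host)
{
    for (size_t i = 0; i < n; i++)
        if (cert_name_matches_destination(cert_names[i], dest_host))
            return 0;
    return 1;
}
```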
RvSipTransportVerifyCertificateEv()
This callback, which is passed in the
RvSipTransportConnectionTlsHandshake() function, lets the application control
the default certificate verification. The parameter meaning is different for TLS
client connections and TLS server connections. For further elaboration of this
parameter see the SIP Stack Reference Guide.
Passing a non-NULL parameter will enable the application to examine incoming
certificates, analyze data on these certificates and override the pass/fail decision
on the certificates. In this callback you can retrieve data regarding the certificate
that is being examined.
The RvSipTransportTlsGetCertVerificationError() function is used to examine
the certification error.
The RvSipTransportTlsEncodeCert() function is used to retrieve the encoded
certificate.
Sample Code
The following sample code shows how to examine some of the data stored in a
certificate during the handshake process.
/*==================================================================================*/
RvInt32 AppTransportVerifyCertificateEventHandler(
    IN RvInt32 prevError,                        /* pass/fail result of the default verification */
    IN RvSipTransportTlsCertificate certificate) /* certificate being examined */
{
    RvChar szCert[2048]    = {'\0'};   /* buffer for the encoded certificate */
    RvChar szLogData[2048] = {'\0'};   /* text assembled for logging */
    RvChar szTmpData[2048] = {'\0'};   /* scratch buffer */
    X509 *pCert = NULL;                /* decoded certificate */