[Blink] Blink 1.4.2 on Windows 7 is not verifying TLS server certificate

Sophie Hamilton blink-support at theblob.org
Mon Feb 15 09:49:11 CET 2016


I'm using Blink 1.4.2 on Windows 7.

I'm setting up an Asterisk server with TLS/SRTP (using a server certificate
issued from a self-signed CA) and have noticed that when setting up the
account in Blink with the appropriate settings and registering, it does not
verify the server at all, even though the "Verify server" checkbox is
ticked. I can even go so far as to generate an entirely different CA and
tell Blink to consider that as the certificate authority, and it will still
register successfully.

I'm very concerned about this, as it opens up the possibility for a
man-in-the-middle attack. Is there anything I'm doing wrong or is this a
bug in Blink?

 - Sophie.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ag-projects.com/pipermail/blink/attachments/20160215/9f5a2598/attachment.html>

More information about the Blink mailing list