[Blink] Blink 1.4.2 on Windows 7 is not verifying TLS server certificate
Sophie Hamilton
blink-support at theblob.org
Mon Feb 15 09:49:11 CET 2016
Hi,
I'm using Blink 1.4.2 on Windows 7.
I'm setting up an Asterisk server with TLS/SRTP (using a server certificate
issued from a self-signed CA) and have noticed that when setting up the
account in Blink with the appropriate settings and registering, it does not
verify the server at all, even though the "Verify server" checkbox is
ticked. I can even go so far as to generate an entirely different CA and
tell Blink to consider that as the certificate authority, and it will still
register successfully.
I'm very concerned about this, as it opens up the possibility for a
man-in-the-middle attack. Is there anything I'm doing wrong or is this a
bug in Blink?
- Sophie.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ag-projects.com/pipermail/blink/attachments/20160215/9f5a2598/attachment.html>
More information about the Blink
mailing list