[Blink] Blink 1.4.2 on Windows 7 is not verifying TLS server certificate

Saúl Ibarra Corretgé saul at ag-projects.com
Fri Feb 19 12:30:57 CET 2016


Hi Sophie,

> On 15 Feb 2016, at 09:49, Sophie Hamilton <blink-support at theblob.org> wrote:
> 
> Hi,
> 
> I'm using Blink 1.4.2 on Windows 7.
> 
> I'm setting up an Asterisk server with TLS/SRTP (using a server certificate issued from a self-signed CA) and have noticed that when setting up the account in Blink with the appropriate settings and registering, it does not verify the server at all, even though the "Verify server" checkbox is ticked. I can even go so far as to generate an entirely different CA and tell Blink to consider that as the certificate authority, and it will still register successfully.
> 
> I'm very concerned about this, as it opens up the possibility for a man-in-the-middle attack. Is there anything I'm doing wrong or is this a bug in Blink?
> 

Hum, looks like something is wrong indeed. Thanks for letting us know, we’ll take care of this ASAP.


Regards,

--
Saúl Ibarra Corretgé
AG Projects
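
The following is an added example, not part of either message and not Blink's code: it rebuilds the test described in the report (a server certificate issued by one CA, checked against an unrelated CA) with the `openssl` command line and shows the result a verifying client is expected to produce. The names `issuing-ca`, `other-ca` and `sip.example.test` are assumptions, and all keys and certificates are constructed test material.

```shell
#!/bin/sh
# Constructed test material: two unrelated CAs and one server certificate.
# All names (issuing-ca, other-ca, sip.example.test) are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_server CA HOST: create a server key and a certificate signed by CA.
issue_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null
}

# verify_against CA: print "accept" if server.crt chains to CA, else "reject".
verify_against() {
    if openssl verify -CAfile "$WORK/$1.crt" "$WORK/server.crt" >/dev/null 2>&1
    then echo accept
    else echo reject
    fi
}

make_ca issuing-ca
make_ca other-ca
issue_server issuing-ca sip.example.test

# A client that verifies the server must match the second result
# when it is configured to trust only the unrelated CA.
echo "trusting issuing-ca: $(verify_against issuing-ca)"
echo "trusting other-ca:   $(verify_against other-ca)"
```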




