----- Original Message -----
From: "Philippe Fischer" <[EMAIL PROTECTED]>
To: "Palm Developer Forum" <[EMAIL PROTECTED]>
Sent: Wednesday, January 14, 2004 9:44 AM
Subject: Re: PalmOS Device and SSL

> Hi Vu,
> I've got the same problem! But importing certs is not the only problem, I
> think that the cert manager doesn't work at all. Even on valid Verisign
> certs it reports errors. I've tested it with the internet browser on a T3
> Simulator (you can download the browser on PalmOne). I'm afraid that the only
> way to ensure server authentication is to implement a cert check in the
> verify callback. Client authentication isn't possible at all.
>

Hi Philippe,

I did some tests yesterday and the result seems that the built-in certs are used, but I may be wrong, as I often am.

Here is what I did on the client app running on the Treo 600 simulator and the Tungsten C simulator (but not on the Tungsten T3 one):

1. Do not install the verifycallback that checks for NonTrustedError.
2. Using SslOpen to connect to my "self-signed" ssl server. The client app does report the NonTrustedError.
3. Using SslOpen to connect to port 443 of a secure web server using Verisign (I guess it uses Verisign or something like that, because it is *big*). The client app does *not* report any error for SslOpen. This means the verification works, if I understand correctly.

From that test result, I guess the builtin certs are used.

I also think of implementing my own self-signed certification check using both the SSL and the CPM libraries, but maybe PalmOS 6 has fixed this problem already. :-)

Let's see next month what PalmOS will announce.

Vu