Closed (janimo closed this issue 9 years ago)
Can't we just hardcode (or add an option to specify an overriding) SHA fingerprint of the server's cert into the library and then just perform a check on connect?
Yes, I think that is the way to do it: hardcoding (plus config override) of the server certificate's public key's hash. zaki's fork of this lib has some code for that; I just wanted to first check out what the Android client does exactly and replicate that.
Did it by setting the server's certificate to be the root CA instead of the host's default CA list.
In order to be safer against MITM attacks, check that we are connecting to the right server.
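Both approaches discussed in this thread, pinning a hash of the server certificate's public key (with a config override) and installing the server's own certificate as the only trusted root, shown side by side as an added example. This is not code from the library, from zaki's fork, or from anyone in the thread: it is written in Go against the standard library only, generates a throwaway self-signed server certificate and an impostor certificate in-process so it runs offline, and the function names, the loopback address, the certificate names and the pin format (base64 of SHA-256 over the DER SubjectPublicKeyInfo) are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSigned mints a throwaway self-signed certificate for 127.0.0.1 (constructed test data).
// IsCA is set so the same certificate can also serve as a one-entry root store.
func newSelfSigned(cn string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: cert}, cert, nil
}

// spkiPin is the value you would hardcode (or let config override): SHA-256 of the DER
// SubjectPublicKeyInfo, so the pin survives certificate renewal as long as the key is kept.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinnedConfig: approach 1, check the public key hash on connect. InsecureSkipVerify turns off
// chain and hostname verification, so the callback is the only check and must also cover expiry.
func pinnedConfig(expected string) *tls.Config {
	return &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("server presented no certificate")
			}
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
				return errors.New("server certificate outside its validity period")
			}
			if got := spkiPin(leaf); subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
				return fmt.Errorf("public key pin mismatch: got %s", got)
			}
			return nil
		},
	}
}

// rootCAConfig: approach 2, trust only the server's own certificate instead of the host's CA list.
// Normal chain, validity and hostname checks stay on; only the trust anchor changes.
func rootCAConfig(server *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(server)
	return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}
}

// startServer runs a minimal TLS server on loopback that only completes handshakes.
func startServer(cert tls.Certificate) (string, func(), error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", nil, err
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() {
				tc := tls.Server(c, cfg)
				_ = tc.Handshake() // a client that rejects our cert simply fails here
				tc.Close()
			}()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// probe returns nil when a handshake under cfg succeeds, the verification error otherwise.
func probe(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

// Outcome records whether each client configuration accepted the real server.
type Outcome struct {
	CorrectPin, WrongPin, CorrectRoot, WrongRoot bool
}

// runDemo dials the real server with the right and the wrong pin, and with the right and
// an impostor certificate as the sole root; only the two "correct" cases must succeed.
func runDemo() (Outcome, error) {
	serverTLS, serverCert, err := newSelfSigned("pinning-demo-server")
	if err != nil {
		return Outcome{}, err
	}
	_, impostor, err := newSelfSigned("impostor") // same address, different key
	if err != nil {
		return Outcome{}, err
	}
	addr, stop, err := startServer(serverTLS)
	if err != nil {
		return Outcome{}, err
	}
	defer stop()
	accepted := func(cfg *tls.Config) bool { return probe(addr, cfg) == nil }
	return Outcome{
		CorrectPin:  accepted(pinnedConfig(spkiPin(serverCert))),
		WrongPin:    accepted(pinnedConfig(spkiPin(impostor))),
		CorrectRoot: accepted(rootCAConfig(serverCert)),
		WrongRoot:   accepted(rootCAConfig(impostor)),
	}, nil
}

func main() {
	out, err := runDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The public-key pin is the more flexible of the two: the server can renew its certificate without breaking clients as long as it keeps the key, whereas the root-CA variant ties clients to one exact certificate and must be updated at every renewal. The pin callback has to re-check validity dates itself because `InsecureSkipVerify` removes every other check; the root-CA variant keeps Go's normal hostname and validity checks and only swaps the trust anchor.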