Google Code-In 2014
Task Preview
LightMelody: Server Certificate Check
Copyleft Games Group
STATUS: DRAFT

LightMelody supports encrypted client-to-server connections via STARTTLS, but does not currently verify server certificates. This prevents passive packet sniffing, but fails to protect against man-in-the-middle attacks via forged server certificates.

Add the checks and API needed to warn users about self-signed certificates or untrusted CAs. The code for this may be trivial, but testing your code may require setting up your own XMPP server and TLS certificates, including a free signed certificate from StartSSL.
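A sketch of the check this task describes, written in Python as an added example (it is not LightMelody code, and the function names `classify` and `check_server` and the status strings are assumptions). It negotiates XMPP STARTTLS, verifies the certificate against the system trust store, and maps OpenSSL's verify codes to the warning a client would show.

```python
import socket
import ssl
from xml.sax.saxutils import quoteattr

# OpenSSL X509_V_ERR_* values, exposed as SSLCertVerificationError.verify_code
WARNINGS = {
    18: "self-signed",        # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed",        # SELF_SIGNED_CERT_IN_CHAIN (private root)
    2: "untrusted-ca",        # UNABLE_TO_GET_ISSUER_CERT
    20: "untrusted-ca",       # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "untrusted-ca",       # UNABLE_TO_VERIFY_LEAF_SIGNATURE
    10: "expired",            # CERT_HAS_EXPIRED
    62: "hostname-mismatch",  # HOSTNAME_MISMATCH
}

def classify(verify_code):
    """Map an OpenSSL verify code to the warning a client should show."""
    return WARNINGS.get(verify_code, "invalid")

def _read_until(sock, done):
    buf = b""
    while not done(buf):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("stream closed during STARTTLS negotiation")
        buf += chunk
    return buf

def check_server(domain, host=None, port=5222, timeout=10):
    """Negotiate XMPP STARTTLS; return (status, detail) for the server cert."""
    with socket.create_connection((host or domain, port), timeout=timeout) as sock:
        sock.sendall(("<stream:stream to=%s xmlns='jabber:client' "
                      "xmlns:stream='http://etherx.jabber.org/streams' "
                      "version='1.0'>" % quoteattr(domain)).encode())
        # Assumption: the server uses the conventional "stream" prefix.
        feats = _read_until(sock, lambda b: b"</stream:features>" in b
                            or b"<stream:features/>" in b)
        if b"urn:ietf:params:xml:ns:xmpp-tls" not in feats:
            return ("no-starttls", "server did not offer STARTTLS")
        sock.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        reply = _read_until(sock, lambda b: b.rstrip().endswith(b">"))
        if b"<proceed" not in reply:
            return ("no-starttls", "server refused STARTTLS")
        ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
        try:
            # Verify against the XMPP domain, not the host we connected to.
            with ctx.wrap_socket(sock, server_hostname=domain) as tls:
                return ("trusted", tls.version())
        except ssl.SSLCertVerificationError as err:
            return (classify(err.verify_code), err.verify_message)
```

A self-signed test server should return `self-signed`, and one signed by a CA missing from the local trust store should return `untrusted-ca`; both cases are worth covering when testing this task.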

While working on this task you should join and remain in #CopyleftGames on Freenode to get help, feedback, and guidance from mentors and other developers. Code updates which may affect your work are also announced here as they happen.

When you're done, commit your work and post the resulting changeset URL to this task.