auto-discovery mechanism as I described. will only work with SM-DP+ that include the root cert
Also note that the Subject Key Identifier of the CI cert can be an arbitrary string dictated by…
Although I guess I could also piggyback on lpac's derutil.c here from JNI.
Even without considering support for test CIs, I think implementing the certificate check as part of the initial handshake is also advantageous over just installing the cert and trusting it across…
I now wonder if it is even necessary for the LPA to verify the TLS cert at all, given that the eUICC is not supposed to accept arbitrary BPP anyway.
It looks like many production SM-DP+ servers do not actually send the full certificate chain, and therefore we cannot verify CERT.DP.TLS against CERT.CI.ECDSA without hard-coding the CI cert. The…
I have just updated the README.md for this yesterday -- you can find a debug mode apk for both OpenEUICC and EasyEUICC inside the "Actions" tab in this repository. No release build is planned,…
But I agree checking with GetEuiccInfo1/2 would be the best course of action to support non production CIs
An interim solution that can be implemented a bit faster would be an option that allows the user to supply a custom CI public key, or an option to disable the check on the TLS side altogether.