Https

Frank Leahy frank at backtalk.com
Mon Sep 13 09:59:14 EDT 2004


On Sep 13, 2004, at 1:12 PM, use-revolution-request at lists.runrev.com 
wrote:

> From: Dave Cragg <dcragg at lacscentre.co.uk>
> Subject: Re: Https
> To: How to use Revolution <use-revolution at lists.runrev.com>
> Message-ID: <F573CFA6-0572-11D9-8F59-000A9569F8B0 at lacscentre.co.uk>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
>
> On 9 Sep 2004, at 17:12, Frank Leahy wrote:
>>
>> Interesting.  Anyone know if getting this error will preclude data
>> being returned from the https connection?  For example, I can imagine
>> having a web server where I didn't bother getting a Verisign (or
>> other) certificate, but I still wanted to get and put data over an
>> https connection.
>>
>> -- Frank
>>
> Yes. Right now it will prevent you doing this if you go via libUrl.
>
> libUrl uses "open secure socket ... with verification", which requires
> a certificate.
>
> However, it shouldn't be too hard to add something to libUrl which
> allows you to use "without verification". perhaps a "switch command"
> such as libUrlSetSSLVerification <true|false> with the default being
> true.
>
> Of course, anyone using this would have to be careful. I could imagine
> a faulty implementation like this:
>
>    verification fails
>    application asks user if he/she wants to continue without 
> verification
>    application switches off verification and completes request
>    application *forgets* to switch it back on again
>    all future https requests are unverified
>    end of civilisation


Dave,

Thanks, great idea.

What about the switch being on a per request basis, i.e. not a global?

Do envision adding this feature to libURL in the near future?

-- Frank



More information about the use-livecode mailing list