Determining SSL Authenticity
Luis
luis at anachreon.co.uk
Wed Jan 3 05:22:29 EST 2007
Hiya,
You can request a certificate from the server and parse the results. A
sample of a certificate (current X.509 standard) is here:
http://en.wikipedia.org/wiki/X.509
Other than that you can probably obtain the appropriate documentation
from Certificate providers like Verisign and Thawte.
Note that most browsers come with root certificates pre-installed from
the major vendors (more info here:
http://en.wikipedia.org/wiki/Root_certificate) and they can be used to
validate some certificates.
Some companies generate their own certificates: In this instance you'd
have to make sure a trust is established on which you can then base your
checking.
Cheers,
Luis.
Derek Bump wrote:
> Andre,
>
> Thank you so much for your response. I'm afraid I was a little unclear
> as to my intentions. I am implementing altBrowser into one of my
> projects, and unfortunately, altBrowser does not return whether IE knows
> if the server is secure. I'm looking for a way of determining this
> within Revolution so I can display that on the screen.
>
> I just looked over the built-in documentation for SSL and couldn't find
> much other than the encrypt and decrypt functions. I need a way to
> determine if the url that altBrowser is looking at is actually secure.
>
> Any ideas? :)
>
>
> Derek Bump
> Dreamscape Software
> www.dreamscapesoftware.com
>
> Andre Garzia wrote:
>> Derek,
>>
>> if the certificate is not valid, the SSL library will return you an
>> error. Actually, in some cases, it returns an error even for valid
>> certificates... I don't know if you can find the certificate
>> information from inside Rev, if you are using MacOS X then you can use
>> cURL or some other unixland tool to query the certificate data but I
>> never tried that.
>>
>> Andre
>> PS: I simply feel like answering emails today... :-)
>>
>> On Jan 3, 2007, at 1:08 AM, Derek Bump wrote:
>>
>>> Does anyone know how to determine SSL authenticity. For example, if
>>> I'm connected to "https://www.somedomain.com/securepage.php", other
>>> than the "s" after http, how can I find out the certificate
>>> information?
>>>
>>> Or do I just trust the fact that since the "s" is after "http" that
>>> it's secure?
>>>
>>>
>>> Derek Bump
>>> Dreamscape Software
>>> www.dreamscapesoftware.com
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
More information about the use-livecode
mailing list