Determining SSL Authenticity - Part II

[Luis]

Re-resding your post: I think I've found something closer to your request.

http://articles.techrepublic.com.com/5100-1009-6055958.html

http://articles.techrepublic.com.com/5100-6350_11-5287634.html

Code signing process:
http://www.instantssl.com/code-signing/code-signing-process.html?currency=GBP&region=United+Kingdom&country=GB&entryURL=http%3A//www.instantssl.com/code-signing/&referrerURL=http%3A//www.hackerguardian.com/help/glossary.html

Cheers,

Luis.


Luis wrote:
> Hiya,
> 
> You can request a certificate from the server and parse the results. A 
> sample of a certificate (current X.509 standard) is here: 
> http://en.wikipedia.org/wiki/X.509
> 
> Other than that you can probably obtain the appropriate documentation 
> from Certificate providers like Verisign and Thawte.
> 
> Note that most browsers come with root certificates pre-installed from 
> the major vendors (more info here: 
> http://en.wikipedia.org/wiki/Root_certificate) and they can be used to 
> validate some certificates.
> 
> Some companies generate their own certificates: In this instance you'd 
> have to make sure a trust is established on which you can then base your 
> checking.
> 
> Cheers,
> 
> Luis.
> 
> 
> Derek Bump wrote:
>> Andre,
>>
>> Thank you so much for your response.  I'm afraid I was a little 
>> unclear as to my intentions.  I am implementing altBrowser into one of 
>> my projects, and unfortunately, altBrowser does not return whether IE 
>> knows  if the server is secure.  I'm looking for a way of determining 
>> this within Revolution so I can display that on the screen.
>>
>> I just looked over the built-in documentation for SSL and couldn't 
>> find much other than the encrypt and decrypt functions.  I need a way 
>> to determine if the url that altBrowser is looking at is actually secure.
>>
>> Any ideas? :)
>>
>>
>> Derek Bump
>> Dreamscape Software
>> www.dreamscapesoftware.com
>>
>> Andre Garzia wrote:
>>> Derek,
>>>
>>> if the certificate is not valid, the SSL library will return you an 
>>> error. Actually, in some cases, it returns an error even for valid 
>>> certificates... I don't know if you can find the certificate 
>>> information from inside Rev, if you are using MacOS X then you can 
>>> use cURL or some other unixland tool to query the certificate data 
>>> but I never tried that.
>>>
>>> Andre
>>> PS: I simply feel like answering emails today... :-)
>>>
>>> On Jan 3, 2007, at 1:08 AM, Derek Bump wrote:
>>>
>>>> Does anyone know how to determine SSL authenticity.  For example, if 
>>>> I'm connected to "https://www.somedomain.com/securepage.php", other 
>>>> than the  "s" after http, how can I find out the certificate 
>>>> information?
>>>>
>>>> Or do I just trust the fact that since the "s" is after "http" that 
>>>> it's secure?
>>>>
>>>>
>>>> Derek Bump
>>>> Dreamscape Software
>>>> www.dreamscapesoftware.com
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your 
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your 
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>
>>>
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your 
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
> 
>