Determining SSL Authenticity

Dave Cragg dcragg at lacscentre.co.uk
Wed Jan 3 06:43:53 EST 2007


On 3 Jan 2007, at 04:11, Derek Bump wrote:

> Andre,
>
> Thank you so much for your response.  I'm afraid I was a little  
> unclear as to my intentions.  I am implementing altBrowser into one  
> of my projects, and unfortunately, altBrowser does not return  
> whether IE knows  if the server is secure.  I'm looking for a way  
> of determining this within Revolution so I can display that on the  
> screen.

I don't know much about the workings of altBrowser, but one possible  
(and clunky) way would be to check the url from Rev first before  
having altBrowser display the page.

put "https://whatever.com/path" into tTestUrl
get url tTestUrl
if the result <> empty then
   ## no good
else
   ## OK so ask altBrowser to display the url
end if

Or, probably quicker, use the "open secure socket" command to just  
the server:

  open secure socket to "whatever.com" with message "openedOK"

on openedOK pSocket
   close socket pSocket
   ## ask altBroswer to display the url
end openedOK

on socketError pSocket, pErrString
   ## no good
end socketError

One problem is that a failure to get the url or open the socket  
doesn't necessarily mean the certificate is not secure. You'd have to  
examine either "the result" from the url call, or pErrString in the  
socketError handler to be sure.

I haven't tried either approach, so be sure to confirm that they do  
what you want before trusting in them.

Cheers
Dave




More information about the use-livecode mailing list