Livecode and "Extended Validation" SSL certificates

Sat Jul 11 16:58:20 EDT 2015

> On Jul 11, 2015, at 9:26 AM, Richard Gaskin <Ambassador at FourthWorld.com> wrote:
> 
> Bruce Pokras wrote:
> 
>> Recently, the app's requests for the access token kept resulting in
>> an error message. I tried a lot of differnt work-arounds. Nothing
>> helped.
>> 
>> I finally posted my problem to an EPO forum for OPS users, and
>> included the error message which at the time made no sense to me.
>> From the response I received from OPS support, they had recently
>> changed from conventional SSL certificates to new “Extended
>> Validation” SSL certificates. Could there be something about the
>> Livecode implementation of https that is not compatible with these EV
>> certificates? Does that make sense? Here is the error message:
>> ---
>> error -Error with certificate at depth: 1 issuer = /OU=GlobalSign
>> Root CA - R2/O=GlobalSign/CN=GlobalSign subject = /C=BE/O=GlobalSign
>> nv-sa/CN=GlobalSign Extended Validation CA - SHA256 - G2 err
>> 7:certificate signature failure
>> —
>> Once I knew this to be related to SSL, I added
>> "libURLSetSSLVerification false” to the scripts. No more errors and
>> the app receives the access token without any problem. However, I
>> felt it might be useful to put this issue in front of this
>> knowledgeable group as both a warning and as a seed for discusion.
>> Why did Livecode work fine with the old SSL certificates, but does
>> not with the EV certificates?
> 
> Thank you for posting that, Bruce.
> 
> I've seen a similar issue with an app I make that uses a similar cert on the server we use for storage,  but here the problem is intermittent so I've been reluctant to file a bug report until I can pin down a reliable recipe.
> 
> Is this issue consistently reproducible for you?
> 
> -- 
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> Ambassador at FourthWorld.com                http://www.FourthWorld.com
> 

Over the past week there were a couple of short periods of time (about 5 minutes each) during which I was receiving the desired access token instead of the error. In fact, right now with multiple attempts with libURLSetSSLVerification set to “true” it worked fine all but one time. Of course, I do not want to risk having even one failure when the fix is as easy as setting libURLSetSSLVerification to “false”. (Oops, spoke too soon! Am now consistently getting the error again when libURLSetSSLVerification is set to “true”).

One list member who e-mailed me directly suggested that it might be a Livecode version issue with 7.0.5 giving the error because it was using an older openssl but 7.0.6 was working fine. I am a dinosaur still using 6.0.2. I will see if 7.0.6 makes any difference for me.