override HTTPS certificate failure

Trevor DeVore lists at mangomultimedia.com
Tue Oct 25 12:25:50 EDT 2016


On Tue, Oct 25, 2016 at 11:10 AM, Bob Sneidar <bobsneidar at iotecdigital.com>
wrote:

> True, but isn't the issue that a malformed cert including self signed
> certs are rejected? A self signed cert is not insecure, it's just less
> secure than a root signed cert, and only because a background check has
> been done against the cert owner. Otherwise a self signed cert is just as
> valid if you know you can trust it, as when connecting to you domain
> controller or copier for the first time on a LAN. After that, the cert
> theoretically cannot be spoofed.
>

I’m working on a libURL addition that will allow you to specify hosts that
should bypass SSL verification without turning it off completely. That way
you let the user know a certificate wasn’t verified but allow them to
override it. Here are the changes I’ve made on one of my branches:

https://github.com/trevordevore/livecode/commit/6a5bc42abebca23e6b8aa611c8f0966b221441c6

I still have to put together a test and file an enhancement request for it
before I can submit it though.

-- 
Trevor DeVore
ScreenSteps
www.screensteps.com    -    www.clarify-it.com



More information about the use-livecode mailing list