override HTTPS certificate failure
Bob Sneidar
bobsneidar at iotecdigital.com
Wed Oct 26 11:51:50 EDT 2016
By unverified, do you mean self-signed as well? Too many devices and servers use self-signed certs to exclude them. The whole point to self signed certs is so that the world is not forced to purchase a cert from an authority for every single device in order to be relatively secure.
For devices outside a network then yes, certs need to be issued by a trusted authority, but that is the whole point of asking the user. I know I can trust my copier cert. I do NOT know if I can trust microsoft.com<http://microsoft.com>_mie_.de.
Not sure if this is relevant to this conversation.
Bob S
On Oct 26, 2016, at 08:16 , Peter TB Brett <peter.brett at livecode.com<mailto:peter.brett at livecode.com>> wrote:
I believe that it's a really really bad idea to download completely unverified certificates and permanently add them to the list of certs that your app trusts implicitly.
Peter
More information about the use-livecode
mailing list