override HTTPS certificate failure
Ben Rubinstein
benr_mc at cogapp.com
Fri Oct 28 10:51:10 EDT 2016
On 27/10/2016 00:19, Charles Warwick wrote:
>> You probably should care about implementing them. I can think of several
>> ways to exploit this situation, especially if your test servers are not on
>> the same private network as the developers who are accessing them.
>>
> That isn't feasible if the app developer has no control over the web servers
> that they are connecting to. It is common for an app developer to have to
> write an application to communicate with servers that are not under their
> control. While they can recommend the server administrator to implement those
> things, when it comes to demonstrating an app in a testing environment in
> order to get paid, I think most developers would agree that they would prefer
> to not push too hard!
This is exactly my (OP) situation. I have indeed already mentioned Let's
Encrypt to my clients - but telling that everything must halt until they mend
their ways is not an option, so I was very glad when Lyn pointed me at
libUrlSetSSLVerification.
Ben
More information about the use-livecode
mailing list