change http to https, what to do?
J. Landman Gay
jacque at hyperactivesw.com
Thu Jan 24 19:23:22 EST 2019
On 1/24/19 4:27 PM, Matthias Rebbe via use-livecode wrote:
>
>
>> Am 24.01.2019 um 21:11 schrieb J. Landman Gay via use-livecode <use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>>:
>>
>>> On Jan 24, 2019, at 03:31 , Matthias Rebbe via use-livecode<use-livecode at lists.runrev.com <mailto:use-livecode at lists.runrev.com>> wrote:
>>> i do not know what might be the reason, but when i run into problems with sftp or https connections i disable
>>> SSL peer certificate verification with
>>>
>>> tsNetVerifySSLPeer false
>>>
>>> just to see if it´s working without verification of the SSL peer certificate.
>>
>> I've had a problem in the past where a certificate fails in the hops between the client and the server. (At least, I think that was the problem.) I had to set libURLSetSSLVerification to false, which isn't safe but allows all connections to work.
>>
>> How does tsNetVerifySSLPeer compare to libURLSetSSLVerification? Is verification of peers different from verification of all certificates?
>>
>
> For community edition libURLSetSSLVerfication is the only way to disable the SSL Verification.
> In Indy and Business i think you can use both, because LibURL library contains a tsNet wrapper, so that if tsNET is available,then libURL uses tsNet instead of the normal liburl script. That´s how i understood how liburl and tsNet work together.
>
> But i think Charles Warwick could explain it better. ;) He wrote the wrapper in liburl.
I'm using the Business edition so I can use either command. But my main
question is whether it is possible to ignore intermediate SSL
certificates while still verifying the target server certificate. Or
would that be unsafe too?
--
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the use-livecode
mailing list