Https

Dave Cragg dcragg at lacscentre.co.uk
Mon Sep 13 06:52:08 EDT 2004


On 9 Sep 2004, at 17:12, Frank Leahy wrote:
>
> Interesting.  Anyone know if getting this error will preclude data 
> being returned from the https connection?  For example, I can imagine 
> having a web server where I didn't bother getting a Verisign (or 
> other) certificate, but I still wanted to get and put data over an 
> https connection.
>
> -- Frank
>
Yes. Right now it will prevent you doing this if you go via libUrl.

libUrl uses "open secure socket ... with verification", which requires 
a certificate.

However, it shouldn't be too hard to add something to libUrl which 
allows you to use "without verification". perhaps a "switch command" 
such as libUrlSetSSLVerification <true|false> with the default being 
true.

Of course, anyone using this would have to be careful. I could imagine 
a faulty implementation like this:

   verification fails
   application asks user if he/she wants to continue without verification
   application switches off verification and completes request
   application *forgets* to switch it back on again
   all future https requests are unverified
   end of civilisation

Cheers
Dave



More information about the use-livecode mailing list