Https
Dave Cragg
dcragg at lacscentre.co.uk
Mon Sep 13 06:52:08 EDT 2004
On 9 Sep 2004, at 17:12, Frank Leahy wrote:
>
> Interesting. Anyone know if getting this error will preclude data
> being returned from the https connection? For example, I can imagine
> having a web server where I didn't bother getting a Verisign (or
> other) certificate, but I still wanted to get and put data over an
> https connection.
>
> -- Frank
>
Yes. Right now it will prevent you doing this if you go via libUrl.
libUrl uses "open secure socket ... with verification", which requires
a certificate.
However, it shouldn't be too hard to add something to libUrl which
allows you to use "without verification". perhaps a "switch command"
such as libUrlSetSSLVerification <true|false> with the default being
true.
Of course, anyone using this would have to be careful. I could imagine
a faulty implementation like this:
verification fails
application asks user if he/she wants to continue without verification
application switches off verification and completes request
application *forgets* to switch it back on again
all future https requests are unverified
end of civilisation
Cheers
Dave
More information about the use-livecode
mailing list