Https
Dave Cragg
dcragg at lacscentre.co.uk
Mon Sep 13 11:41:04 EDT 2004
On 13 Sep 2004, at 15:41, Troy Rollins wrote:
>
> On Sep 13, 2004, at 6:52 AM, Dave Cragg wrote:
>
>> However, it shouldn't be too hard to add something to libUrl which
>> allows you to use "without verification". perhaps a "switch command"
>> such as libUrlSetSSLVerification <true|false> with the default being
>> true.
>
> We are talking about shutting it off for the purposes of that one
> session with just the requests made by the Rev-based application,
> right?
>
> While I think that SSL which always requires a certificate is not very
> useful, I also think it would be bad to so easily compromise the
> end-user's computer if the above is not the case. If it only shuts it
> off for the Rev app, and only for the current session, that would be a
> pretty decent and workable solution.
>
I can say with absolutely no authority whatsoever that using "open
secure socket ... without verification" has no effect outside of Rev.
:)
I'm no SSL expert, and am only transplanting the new secure socket
syntax into libUrl. So your question serves as a good note of caution,
and I'll get confirmation from the Rev SSL man (Tuviah) before adding
this.
Cheers
Dave
More information about the use-livecode
mailing list